CVE-2020-9408 : Security Advisory and Response

Critical CVE-2020-9408 affects TIBCO Spotfire Analytics Platform and Server, allowing attackers to execute arbitrary code with system privileges. Learn about the impact, affected versions, and mitigation steps.

TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server are affected by a critical vulnerability that could allow an attacker to execute arbitrary code with system privileges.

Understanding CVE-2020-9408

This CVE involves a vulnerability in the Spotfire library component of TIBCO's software, potentially leading to remote code execution.

What is CVE-2020-9408?

The vulnerability allows an attacker with write permissions to modify attributes of files and objects saved to the library, tricking the system into treating them as trusted, enabling the execution of arbitrary code.

The Impact of CVE-2020-9408

The vulnerability could lead to the execution of arbitrary code with the privileges of the system account that initiated the Spotfire Web Player, Analyst clients, or TERR Service.

Technical Details of CVE-2020-9408

The following technical details provide insight into the vulnerability and affected systems.

Vulnerability Description

The flaw in the Spotfire library component allows attackers to manipulate files and objects to execute arbitrary code.

Affected Systems and Versions

        TIBCO Spotfire Analytics Platform for AWS Marketplace: <= 10.8.0
        TIBCO Spotfire Server: <= 7.11.9, 7.12.0, 7.13.0, 7.14.0, 10.0.0 - 10.8.0
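
The list above mixes an upper bound, single releases and a range, and comparing versions as text misjudges it (7.11.10 sorts before 7.11.9 as a string). The following Python check is an added example, not code from TIBCO or from this advisory; it tests an inventory against exactly the versions listed here, and the hostnames and the inventory layout are constructed assumptions.

```python
import re

SERVER = "TIBCO Spotfire Server"
AWS = "TIBCO Spotfire Analytics Platform for AWS Marketplace"

def parse_version(text):
    """Turn '10.8.0' into the comparable tuple (10, 8, 0)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

# Affected versions as this advisory lists them, as inclusive (low, high) pairs.
# A single release such as 7.12.0 is a range whose two ends are equal.
AFFECTED = {
    AWS: [((0, 0, 0), (10, 8, 0))],
    SERVER: [
        ((0, 0, 0), (7, 11, 9)),
        ((7, 12, 0), (7, 12, 0)),
        ((7, 13, 0), (7, 13, 0)),
        ((7, 14, 0), (7, 14, 0)),
        ((10, 0, 0), (10, 8, 0)),
    ],
}

def is_affected(product, version):
    """True if the version falls in a listed range; unknown products are False."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED.get(product, []))

def triage(inventory):
    """Return the (host, product, version) rows that need updating."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("bi-prod-01", SERVER, "10.8.0"),
    ("bi-prod-02", SERVER, "10.8.1"),
    ("bi-legacy", SERVER, "7.11.4"),
    ("bi-lts", SERVER, "7.11.10"),   # numerically above 7.11.9, so not listed
    ("bi-aws", AWS, "10.8.1"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is in an affected range")
```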

Exploitation Mechanism

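An attacker with write permissions to the Spotfire library can modify attributes of files and objects saved there so that the system treats them as trusted. Code in those objects then runs with the privileges of the system account that started the Spotfire Web Player, Analyst client, or TERR Service.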

Mitigation and Prevention

To address CVE-2020-9408, follow these mitigation strategies:

Immediate Steps to Take

        Update TIBCO Spotfire Analytics Platform to version 10.8.1 or higher
        Update TIBCO Spotfire Server to version 7.11.10 or higher

Long-Term Security Practices

        Regularly review and update permissions in the Spotfire Library
        Monitor for unauthorized changes in the library

Patching and Updates

        TIBCO has released updated versions for affected components to address the vulnerability
        Update TIBCO Spotfire Server versions to 10.8.1 or higher
