TIBCO Spotfire Data Science Vulnerable to Persistent Cross-Site Scripting
Original release date: March 26, 2019
Source: TIBCO Software Inc.
- TIBCO Data Science for AWS versions 6.4.0 and below
- TIBCO Spotfire Data Science versions 6.4.0 and below
The following component is affected:
- application server
The component listed above contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users.
The impact of these multiple vulnerabilities includes the theoretical possibility that a malicious actor could gain more privileged access to the web server component.
CVSS v3 Base Score: 7.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
TIBCO has released updated versions of the affected systems which address these issues.
- TIBCO Data Science for AWS versions 6.4.0 and below upgrade to version 6.4.1 or higher
- TIBCO Spotfire Data Science versions 6.4.0 and below upgrade to version 6.4.1 or higher