CVE-2014-2544

Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
tibcoweb_player
𝑥
≤ 4.0.3
tibcoweb_player
4.5.0
tibcoweb_player
4.5.1
tibcoweb_player
5.0.0
tibcoweb_player
5.0.1
tibcoweb_player
5.5.0
tibcoweb_player
6.0.0
tibcoautomation_services
𝑥
≤ 4.0.3
tibcoautomation_services
4.5.0
tibcoautomation_services
4.5.1
tibcoautomation_services
5.0.0
tibcoautomation_services
5.0.1
tibcoautomation_services
5.5.0
tibcoautomation_services
6.0.0
tibcospotfire_server
𝑥
≤ 3.3.3
tibcospotfire_server
4.5.0
tibcospotfire_server
5.0.0
tibcospotfire_server
5.0.1
tibcospotfire_server
5.5.0
tibcospotfire_server
6.0.0
tibcospotfire_server
6.0.1
tibcospotfire_professional
𝑥
≤ 4.0.3
tibcospotfire_professional
4.5.0
tibcospotfire_professional
4.5.1
tibcospotfire_professional
5.0.0
tibcospotfire_professional
5.0.1
tibcospotfire_professional
5.5.0
tibcospotfire_professional
6.0.0
tibcoanalyst
𝑥
≤ 6.0.0
tibcodesktop
𝑥
≤ 6.0.0
tibcodeployment_kit
𝑥
≤ 4.0.3
tibcodeployment_kit
4.5.0
tibcodeployment_kit
4.5.1
tibcodeployment_kit
5.0.0
tibcodeployment_kit
5.0.1
tibcodeployment_kit
5.5.0
tibcodeployment_kit
6.0.0
𝑥
= Vulnerable software versions
References
http://www.tibco.com/mk/advisory.jsp
http://www.tibco.com/multimedia/spotfire_advisory_20140409_tcm8-20764.txt
http://www.tibco.com/mk/advisory.jsp
http://www.tibco.com/multimedia/spotfire_advisory_20140409_tcm8-20764.txt