CVE-2020-9416
15.09.2020, 19:15
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1.
| Vendor | Product | Version |
|---|---|---|
| tibco | spotfire_analyst | 10.7.0 |
| tibco | spotfire_analyst | 10.8.0 |
| tibco | spotfire_analyst | 10.9.0 |
| tibco | spotfire_analyst | 10.10.0 |
| tibco | spotfire_analytics_platform | 10.7.0 |
| tibco | spotfire_analytics_platform | 10.8.0 |
| tibco | spotfire_analytics_platform | 10.8.1 |
| tibco | spotfire_analytics_platform | 10.9.0 |
| tibco | spotfire_analytics_platform | 10.10.0 |
| tibco | spotfire_analytics_platform | 10.10.1 |
| tibco | spotfire_desktop | 10.7.0 |
| tibco | spotfire_desktop | 10.8.0 |
| tibco | spotfire_desktop | 10.9.0 |
| tibco | spotfire_desktop | 10.10.0 |
| tibco | spotfire_server | 10.7.0 |
| tibco | spotfire_server | 10.8.0 |
| tibco | spotfire_server | 10.8.1 |
| tibco | spotfire_server | 10.9.0 |
| tibco | spotfire_server | 10.10.0 |
| tibco | spotfire_server | 10.10.1 |
𝑥
= Vulnerable software versions
References