XSS in Tibco Spotfire_analytics_platform_for_aws
CVE-2018-18813
The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting atta…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.015 (70.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Tibco Spotfire_analytics_platform_for_aws
- Tibco Spotfire_server — versions 7.11.0, 7.11.1, 7.12.0
- Tibco Software Inc. Spotfire Analytics Platform For Aws Marketplace — versions unspecified
- Tibco Software Inc. Spotfire Server — versions 7.14.0, unspecified, 10.0.0
Weakness classification (CWE)
References
- security@tibco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- security@tibco.com (x_refsource_MISC, Vendor Advisory)
- security@tibco.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2018-18813?
- CVE-2018-18813 is a high-severity vulnerability in Tibco Spotfire_analytics_platform_for_aws, classified under Cross-site Scripting. CVSS score: 8.8/10. Published 2019-01-16.
- How severe is CVE-2018-18813?
- High severity. CVSS v3 base score is 8.8 out of 10.