CVE-2017-5527 MEDIUM

CVE-2017-5527: TIBCO Spotfire injection vulnerabilities

Vendor Tibco Software Inc.
Product TIBCO Spotfire Server
Published May 9, 2017
Last update September 16, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N

What the vulnerability does

01Description

TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.

Key dates

02Disclosure timeline

May 9, 2017 CVE published
September 16, 2024 Record updated