CVE-2018-12410
TIBCO Spotfire Statistics Services remote execution vulnerabilities
In short
TIBCO Spotfire Statistics Services has critical flaws in its web server component that let attackers run malicious code on the server without logging in. This can give them full control over the system.
Technical detail
Multiple unauthenticated remote code execution vulnerabilities exist in the web server component of TIBCO Spotfire Statistics Services (≤7.11.0). An attacker can exploit these without authentication to execute arbitrary code with the privileges of the web server process, potentially leading to complete system compromise.
Summary generated and translated by AI from the official description.
The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
TIBCO Software Inc. · TIBCO Spotfire Statistics Services