CRITICAL✓ PATCH🇬🇧 English

CVE-2018-12410

CVSS 9.8v3.0pub. 2018-10-10upd. 2024-11-21

The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tibco Spotfire Statistics Services

    APP
    Tibco
    ≤ 7.11.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2025-3115CRITICAL9.4PL ✓ten sam produkt

RCE w Tibco Spotfire — wstrzyknięcie kodu i nievalidowane nazwy plików

CVE-2023-29268CRITICAL9.8ten sam produkt

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerabilit...

CVE-2021-23275HIGH8.8ten sam produkt

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, T...

CVE-2021-28830HIGH8.8ten sam produkt

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterpr...

CVE-2019-11204HIGH8.8ten sam produkt

The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerabili...