CVE-2012-0690

TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.

Published: Mar 13, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-0690
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
tibco / spotfire_server	3.0.0	3.0.0.x
tibco / spotfire_server	3.3.0	3.3.0.x
tibco / spotfire_server	3.1.1	3.1.1.x
tibco / spotfire_server	3.1.0	3.1.0.x
tibco / spotfire_server	3.2.0	3.2.0.x
tibco / spotfire_analytics_server	10.0.0	10.0.0.x
tibco / spotfire_analytics_server	10.0.1	10.0.1.x
tibco / spotfire_server	3.0.1	3.0.1.x
tibco / web_player_automation_services	-	-
tibco / spotfire_professional	-	4.0.1.x

http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt
http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp

Vulnerability Database

289,784

CVE-2012-0690