Vulnerability-Lookup

CVE-2017-5527 (GCVE-0-2017-5527)

Vulnerability from cvelistv5 – Published: 2017-05-09 20:00 – Updated: 2024-09-16 19:46

Title

TIBCO Spotfire injection vulnerabilities

Summary

TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N

CWE

SQL injection attack

Assigner

tibco

References

URL

Tags

	http://www.tibco.com/support/advisories/2017/05/t…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/98398	vdb-entryx_refsource_BID

Impacted products

Vendor

Product

Version

TIBCO Software Inc.

TIBCO Spotfire Server

Affected: 7.0.0
Affected: 7.0.1
Affected: 7.5.0
Affected: 7.6.0
Affected: 7.7.0
Affected: 7.8.0

TIBCO Software Inc.

TIBCO Spotfire Analytics Platform for AWS Marketplace

Affected: 7.8.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:04:15.132Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"
          },
          {
            "name": "98398",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98398"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO Spotfire Server",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.5.0"
            },
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.7.0"
            },
            {
              "status": "affected",
              "version": "7.8.0"
            }
          ]
        },
        {
          "product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "7.8.0"
            }
          ]
        }
      ],
      "datePublic": "2017-05-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL injection attack",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-22T09:57:01.000Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"
        },
        {
          "name": "98398",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98398"
        }
      ],
      "title": "TIBCO Spotfire injection vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2017-05-09T09:00:00-07",
          "ID": "CVE-2017-5527",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Spotfire injection vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO Spotfire Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.5.0"
                          },
                          {
                            "version_value": "7.6.0"
                          },
                          {
                            "version_value": "7.7.0"
                          },
                          {
                            "version_value": "7.8.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.8.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL injection attack"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"
            },
            {
              "name": "98398",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98398"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2017-5527",
    "datePublished": "2017-05-09T20:00:00.000Z",
    "dateReserved": "2017-01-19T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:46:16.352Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-CFR5-RFJ7-VJC4

Vulnerability from github – Published: 2022-05-17 02:44 – Updated: 2022-05-17 02:44

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-5527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-09T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.",
  "id": "GHSA-cfr5-rfj7-vjc4",
  "modified": "2022-05-17T02:44:23Z",
  "published": "2022-05-17T02:44:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5527"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98398"
    },
    {
      "type": "WEB",
      "url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-07373

Vulnerability from cnvd - Published: 2017-05-24

Title

TIBCO Spotfire Server和Spotfire Analytics Platform for AWS Marketplace SQL注入漏洞

Description

TIBCO Spotfire Server和Spotfire Analytics Platform for AWS Marketplace都是美国TIBCO软件公司的产品。前者是一套基于TIBCO Spotfire（数据分析和挖掘工具）的为企业提供整合、运行和管理的平台。后者是一套为云应用商店AWS提供数据可视化分析的平台。 TIBCO Spotfire Server和Spotfire Analytics Platform for AWS Marketplace中存在SQL注入漏洞。攻击者可利用该漏洞实施SQL注入攻击，获取敏感数据。

Severity

中

Patch Name

TIBCO Spotfire Server和Spotfire Analytics Platform for AWS Marketplace SQL注入漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞: http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server

Reference

http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server https://nvd.nist.gov/vuln/detail/CVE-2017-5527 http://www.securityfocus.com/bid/98398

Impacted products

Name
['TIBCO Spotfire Server 7.0.，<7.0.2', 'TIBCO Spotfire Server 7.5.，<7.5.1', 'TIBCO Spotfire Server 7.6.，<7.6.1', 'TIBCO Spotfire Server 7.7.，<7.7.1', 'TIBCO Spotfire Server 7.8.*，<7.8.1', 'TIBCO Spotfire Analytics Platform for AWS Marketplace <=7.8.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98398"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5527",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5527"
    }
  },
  "description": "TIBCO Spotfire Server\u548cSpotfire Analytics Platform for AWS Marketplace\u90fd\u662f\u7f8e\u56fdTIBCO\u8f6f\u4ef6\u516c\u53f8\u7684\u4ea7\u54c1\u3002\u524d\u8005\u662f\u4e00\u5957\u57fa\u4e8eTIBCO Spotfire\uff08\u6570\u636e\u5206\u6790\u548c\u6316\u6398\u5de5\u5177\uff09\u7684\u4e3a\u4f01\u4e1a\u63d0\u4f9b\u6574\u5408\u3001\u8fd0\u884c\u548c\u7ba1\u7406\u7684\u5e73\u53f0\u3002\u540e\u8005\u662f\u4e00\u5957\u4e3a\u4e91\u5e94\u7528\u5546\u5e97AWS\u63d0\u4f9b\u6570\u636e\u53ef\u89c6\u5316\u5206\u6790\u7684\u5e73\u53f0\u3002\r\n\r\nTIBCO Spotfire Server\u548cSpotfire Analytics Platform for AWS Marketplace\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bdSQL\u6ce8\u5165\u653b\u51fb\uff0c\u83b7\u53d6\u654f\u611f\u6570\u636e\u3002",
  "discovererName": "TIBCO",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e:\r\nhttp://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-07373",
  "openTime": "2017-05-24",
  "patchDescription": "TIBCO Spotfire Server\u548cSpotfire Analytics Platform for AWS Marketplace\u90fd\u662f\u7f8e\u56fdTIBCO\u8f6f\u4ef6\u516c\u53f8\u7684\u4ea7\u54c1\u3002\u524d\u8005\u662f\u4e00\u5957\u57fa\u4e8eTIBCO Spotfire\uff08\u6570\u636e\u5206\u6790\u548c\u6316\u6398\u5de5\u5177\uff09\u7684\u4e3a\u4f01\u4e1a\u63d0\u4f9b\u6574\u5408\u3001\u8fd0\u884c\u548c\u7ba1\u7406\u7684\u5e73\u53f0\u3002\u540e\u8005\u662f\u4e00\u5957\u4e3a\u4e91\u5e94\u7528\u5546\u5e97AWS\u63d0\u4f9b\u6570\u636e\u53ef\u89c6\u5316\u5206\u6790\u7684\u5e73\u53f0\u3002\r\n\r\nTIBCO Spotfire Server\u548cSpotfire Analytics Platform for AWS Marketplace\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bdSQL\u6ce8\u5165\u653b\u51fb\uff0c\u83b7\u53d6\u654f\u611f\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TIBCO Spotfire Server\u548cSpotfire Analytics Platform for AWS Marketplace SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "TIBCO Spotfire Server 7.0.*\uff0c\u003c7.0.2",
      "TIBCO Spotfire Server  7.5.*\uff0c\u003c7.5.1",
      "TIBCO Spotfire Server 7.6.*\uff0c\u003c7.6.1",
      "TIBCO Spotfire Server  7.7.*\uff0c\u003c7.7.1",
      "TIBCO Spotfire Server 7.8.*\uff0c\u003c7.8.1",
      "TIBCO Spotfire Analytics Platform for AWS Marketplace \u003c=7.8.0"
    ]
  },
  "referenceLink": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5527\r\nhttp://www.securityfocus.com/bid/98398",
  "serverity": "\u4e2d",
  "submitTime": "2017-05-15",
  "title": "TIBCO Spotfire Server\u548cSpotfire Analytics Platform for AWS Marketplace SQL\u6ce8\u5165\u6f0f\u6d1e"
}

GSD-2017-5527

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-5527

Aliases

CVE-2017-5527

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-5527",
    "description": "TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.",
    "id": "GSD-2017-5527"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-5527"
      ],
      "details": "TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.",
      "id": "GSD-2017-5527",
      "modified": "2023-12-13T01:21:13.862111Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@tibco.com",
        "DATE_PUBLIC": "2017-05-09T09:00:00-07",
        "ID": "CVE-2017-5527",
        "STATE": "PUBLIC",
        "TITLE": "TIBCO Spotfire injection vulnerabilities"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "TIBCO Spotfire Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "7.0.0"
                        },
                        {
                          "version_value": "7.0.1"
                        },
                        {
                          "version_value": "7.5.0"
                        },
                        {
                          "version_value": "7.6.0"
                        },
                        {
                          "version_value": "7.7.0"
                        },
                        {
                          "version_value": "7.8.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "7.8.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "TIBCO Software Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks."
          }
        ]
      },
      "impact": {
        "cvssv3": {
          "BM": {
            "A": "N",
            "AC": "L",
            "AV": "N",
            "C": "L",
            "I": "N",
            "PR": "L",
            "S": "U",
            "SCORE": "4.3",
            "UI": "N"
          }
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "SQL injection attack"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server",
            "refsource": "CONFIRM",
            "url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"
          },
          {
            "name": "98398",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/98398"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tibco:spotfire_server:7.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tibco:spotfire_server:7.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tibco:spotfire_server:7.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tibco:spotfire_server:7.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tibco:spotfire_server:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tibco:spotfire_server:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "ID": "CVE-2017-5527"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"
            },
            {
              "name": "98398",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/98398"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-05-23T01:29Z",
      "publishedDate": "2017-05-09T20:29Z"
    }
  }
}

FKIE_CVE-2017-5527

Vulnerability from fkie_nvd - Published: 2017-05-09 20:29 - Updated: 2025-04-20 01:37

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security@tibco.com	http://www.securityfocus.com/bid/98398
security@tibco.com	http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98398
af854a3a-2127-422b-91ae-364da2661108	http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server	Vendor Advisory

Impacted products

Vendor	Product	Version
tibco	spotfire_analytics_platform_for_aws	*
tibco	spotfire_server	7.0.0
tibco	spotfire_server	7.0.1
tibco	spotfire_server	7.5.0
tibco	spotfire_server	7.6.0
tibco	spotfire_server	7.7.0
tibco	spotfire_server	7.8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1614C09A-D958-4F03-AAC7-C84D4D783688",
              "versionEndIncluding": "7.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84EC1E4C-EA97-4892-BD26-23690194F693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C801DEF3-64D4-4FE0-A990-C59B2B1F1CD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:7.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC043E53-0A6D-4CB9-A54F-459561A3ADCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BFD4F32-E3FA-46BC-B927-C0333C27B6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:7.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FABB2EC-0B87-4C03-812D-CCF5DFD29CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:7.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0DEA557-475A-451E-B958-A15B6E7A5E71",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks."
    },
    {
      "lang": "es",
      "value": "Spotfire Server versiones 7.0.X y anteriores a 7.0.2, versiones 7.5.x y anteriores a 7.5.1, versiones 7.6.x y anteriores a 7.6.1, versiones 7.7.x y anteriores a 7.7.1, y las versiones 7.8.x y anteriores a 7.8.1, y Spotfire Analytics Platform  versi\u00f3n 7.8.0 y anteriores, de TIBCO para AWS Marketplace, contienen varias vulnerabilidades que pueden permitir a los usuarios autorizados realizar ataques de inyecci\u00f3n SQL."
    }
  ],
  "id": "CVE-2017-5527",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "security@tibco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-09T20:29:00.163",
  "references": [
    {
      "source": "security@tibco.com",
      "url": "http://www.securityfocus.com/bid/98398"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/98398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"
    }
  ],
  "sourceIdentifier": "security@tibco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-5527 (GCVE-0-2017-5527)

GHSA-CFR5-RFJ7-VJC4

CNVD-2017-07373

GSD-2017-5527

FKIE_CVE-2017-5527

Tags

Sightings

Nomenclature