CVE-2018-18814— TIBCO Spotfire Authentication Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-18814
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TIBCO Spotfire Authentication Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
TIBCO Spotfire Analytics Platform for AWS Marketplace和TIBCO Spotfire Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TIBCO Spotfire Analytics Platform for AWS Marketplace和Spotfire Server都是美国TIBCO软件公司的产品。TIBCO Spotfire Analytics Platform for AWS Marketplace是一套为云应用商店AWS提供数据可视化分析的平台。Spotfire Server是一套基于TIBCO Spotfire(数据分析和挖掘工具)的为企业提供整合、运行和管理的平台。 TIBCO Spotfire Analytics Pl
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace | unspecified ~ 10.0.0 | - | |
| TIBCO Software Inc. | TIBCO Spotfire Server | unspecified ~ 7.10.1 | - |
II. Public POCs for CVE-2018-18814
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-18814
请登录查看更多情报信息。
- http://www.tibco.com/services/support/advisoriesx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2018-18814
Same Patch Batch · TIBCO Software Inc. · 2019-01-16 · 3 CVEs total
| CVE-2018-18812 | TIBCO Spotfire Fails To Prevent Write Access to Spotfire Library | |
| CVE-2018-18813 | TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities |
IV. Related Vulnerabilities
Same product: TIBCO Spotfire Analytics Platform for AWS Marketplace
- CVE-2022-30579
TIBCO Spotfire Server Blind SSRF vulnerability - CVE-2020-9408
TIBCO Spotfire Server Script Trust Problem Exposes Remote Co - CVE-2019-17337
TIBCO Spotfire Server Library Vulnerable to Reflected Cross- - CVE-2019-17336
TIBCO Spotfire Web Player Potentially Exposes Credentials Fo - CVE-2019-17335
TIBCO Spotfire Server Exposes User-Specific Cached Data To O
Same vendor: TIBCO Software Inc.
- CVE-2024-1137
TIBCO ActiveSpaces Information Leak Vulnerability - CVE-2024-1138
TIBCO FTL Privilege Escalation - CVE-2023-26222
TIBCO EBX Cross-site Scripting (XXS) Vulnerability - CVE-2023-26221
TIBCO Spotfire Insufficiently Protected Credential vulnerabi - CVE-2023-26219
TIBCO Operational Intelligence Hawk RedTail Credential Expos
V. Comments for CVE-2018-18814
No comments yet