CVE-2018-12410
Summary
| CVE | CVE-2018-12410 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-10-10 20:29:00 UTC |
| Updated | 2019-10-09 23:33:00 UTC |
| Description | The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Tibco | Spotfire Statistics Services | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| TIBCO Spotfire Statistics Services CVE-2018-12410 Multiple Remote Code Execution Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| TIBCO Security Advisory: October 10, 2018 - TIBCO Spotfire Statistics Services | TIBCO Software | CONFIRM | www.tibco.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.