CVE-2014-2544

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-2544
Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.tibco.com/multimedia/spotfire_advisory_20140409_tcm8-20764.txt Vendor Advisory
http://www.tibco.com/mk/advisory.jsp Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:tibco:web_player:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:web_player:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:web_player:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:web_player:*:*:*:*:*:*:*:*
cpe:2.3:a:tibco:web_player:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:web_player:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:web_player:5.0.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:tibco:automation_services:*:*:*:*:*:*:*:*
cpe:2.3:a:tibco:automation_services:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:automation_services:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:automation_services:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:automation_services:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:automation_services:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:automation_services:5.5.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:tibco:spotfire_server:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:5.5.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:tibco:spotfire_professional:*:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_professional:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_professional:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_professional:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_professional:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_professional:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_professional:5.5.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:tibco:analyst:*:*:*:*:*:*:*:*
cpe:2.3:a:tibco:desktop:*:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:tibco:deployment_kit:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:deployment_kit:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:deployment_kit:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:deployment_kit:*:*:*:*:*:*:*:*
cpe:2.3:a:tibco:deployment_kit:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:deployment_kit:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:deployment_kit:5.0.0:*:*:*:*:*:*:*
Information

Published : 2014-04-09 17:55

Updated : 2014-04-10 08:13

NVD link : CVE-2014-2544

Mitre link : CVE-2014-2544

JSON object : View

CWE
NVD-CWE-noinfo
Advertisement

dedicated server usa
Products Affected

tibco

  • deployment_kit
  • web_player
  • spotfire_server
  • desktop
  • spotfire_professional
  • automation_services
  • analyst