{"containers": {"cna": {"affected": [{"product": "TIBCO Spotfire Server", "vendor": "TIBCO Software Inc.", "versions": [{"status": "affected", "version": "7.0.0"}, {"status": "affected", "version": "7.0.1"}, {"status": "affected", "version": "7.5.0"}, {"status": "affected", "version": "7.6.0"}, {"status": "affected", "version": "7.7.0"}, {"status": "affected", "version": "7.8.0"}]}, {"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace", "vendor": "TIBCO Software Inc.", "versions": [{"status": "affected", "version": "7.8.0"}]}], "datePublic": "2017-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "SQL injection attack", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-05-22T09:57:01", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"}, {"name": "98398", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98398"}], "title": "TIBCO Spotfire injection vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2017-05-09T09:00:00-07", "ID": "CVE-2017-5527", "STATE": "PUBLIC", "TITLE": "TIBCO Spotfire injection vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO Spotfire Server", "version": {"version_data": [{"version_value": "7.0.0"}, {"version_value": "7.0.1"}, {"version_value": "7.5.0"}, {"version_value": "7.6.0"}, {"version_value": "7.7.0"}, {"version_value": "7.8.0"}]}}, {"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace", "version": {"version_data": [{"version_value": "7.8.0"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "SQL injection attack"}]}]}, "references": {"reference_data": [{"name": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server", "refsource": "CONFIRM", "url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"}, {"name": "98398", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98398"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:04:15.132Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"}, {"name": "98398", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98398"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2017-5527", "datePublished": "2017-05-09T20:00:00Z", "dateReserved": "2017-01-19T00:00:00", "dateUpdated": "2024-09-16T19:46:16.352Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*", "matchCriteriaId": "1614C09A-D958-4F03-AAC7-C84D4D783688", "versionEndIncluding": "7.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "84EC1E4C-EA97-4892-BD26-23690194F693", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C801DEF3-64D4-4FE0-A990-C59B2B1F1CD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC043E53-0A6D-4CB9-A54F-459561A3ADCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BFD4F32-E3FA-46BC-B927-C0333C27B6F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4FABB2EC-0B87-4C03-812D-CCF5DFD29CC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0DEA557-475A-451E-B958-A15B6E7A5E71", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks."}, {"lang": "es", "value": "Spotfire Server versiones 7.0.X y anteriores a 7.0.2, versiones 7.5.x y anteriores a 7.5.1, versiones 7.6.x y anteriores a 7.6.1, versiones 7.7.x y anteriores a 7.7.1, y las versiones 7.8.x y anteriores a 7.8.1, y Spotfire Analytics Platform  versi\u00f3n 7.8.0 y anteriores, de TIBCO para AWS Marketplace, contienen varias vulnerabilidades que pueden permitir a los usuarios autorizados realizar ataques de inyecci\u00f3n SQL."}], "id": "CVE-2017-5527", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@tibco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-09T20:29:00.163", "references": [{"source": "security@tibco.com", "url": "http://www.securityfocus.com/bid/98398"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/98398"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}