漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files
Vulnerability Description
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款TIBCO产品Visualizations组件安全漏洞
Vulnerability Description
多款TIBCO产品中的Visualizations组件存在安全漏洞。攻击者可通过向Spotfire库中写入DXP文件利用该漏洞以其他用户身份执行攻击者选择的代码。以下产品及版本受到影响:TIBCO Spotfire Analyst 7.11.1及之前版本,7.12.0版本,7.13.0版本,7.14.0版本,10.0.0版本,10.1.0版本,10.2.0版本,10.3.0版本,10.3.1版本,10.3.2版本,10.4.0版本,10.5.0版本,10.6.0版本;TIBCO Spotfire Anal
CVSS Information
N/A
Vulnerability Type
N/A