CVE-2022-30579 The Web Player component of TIBCO's Analytics Platform for AWS Marketplace and Server has a blind SQL injection vulnerability that allows a low-privileged attacker with network access to ex cute arbitrary SQL code.

Exploitation of this vulnerability requires that the attacker has network access to the target system. This vulnerability can be exploited remotely. TIBCO Software Inc. releases critical and security patches on the same day. Users are advised to upgrade to the latest version as soon as possible. In case you have already upgraded your installation, you may check for updates in the web-based Management console. An upgrade is required for all components of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server. An upgrade is also required for all components of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server. In case you have not upgraded your installation, you should immediately do so by following the upgrade instructions available in the Upgrade section of TIBCO Software Inc.'s Support Center. In addition, you should follow the advice in the Security tips and best practices section.

Vulnerability description

A vulnerability allows systems to be compromised by an attacker, who has either malicious or legitimate access to the system. This vulnerability is caused by a stack overflow in TIBCO Spotfire Server and TIBCO Spotfire Analytics Platform for AWS Marketplace.
The vulnerability was identified recently, and it was verified as exploitable by several independent researchers and security researchers.
This vulnerability is not currently exploited in the wild. There is no evidence of this vulnerability being exploited in any way, shape, or form before today.

TIBCO Spotfire Analytics Platform for AWS Marketplace:

The most popular version of TIBCO's product
The most popular version of TIBCO's product is TIBCO Spotfire Analytics Platform for AWS Marketplace. The total number of downloads for this product is 2,269, and it has been installed by 1,504 unique users. This product has 5 reviews, with a 4.6 out of 5 stars rating.

TIBCO Software Inc

.'s Important Security Update
TIBCO Software Inc. releases critical and security patches on the same day. TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server are vulnerable to CVE-2022-30579 which is an information disclosure vulnerability. To exploit this vulnerability, the attacker requires network access to the target system in order to execute code that leaks sensitive data related to the target system to unauthorized individuals. This vulnerability can be exploited remotely.
A patch is available for TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server and all components of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server. If you have not already done so, it's recommended that you immediately upgrade your installation by following the instructions available in the Upgrade section of TIBCO Software Inc.'s Support Center. In addition, you should follow the advice in Security tips and best practices section.

Timeline

Published on: 09/20/2022 19:15:00 UTC
Last modified on: 09/22/2022 14:32:00 UTC

References

• https://www.tibco.com/services/support/advisories
• https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-20-2022-tibco-spotfire-cve-2022-30579
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30579