5
CVE-2012-0690
- EPSS 1.67%
- Veröffentlicht 13.03.2012 10:55:01
- Zuletzt bearbeitet 16.06.2026 23:38:04
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tibco ≫ Spotfire Analytics Server Version10.0.0
Tibco ≫ Spotfire Analytics Server Version10.0.1
Tibco ≫ Spotfire Server Version3.0.0
Tibco ≫ Spotfire Server Version3.0.1
Tibco ≫ Spotfire Server Version3.1.0
Tibco ≫ Spotfire Server Version3.1.1
Tibco ≫ Spotfire Server Version3.2.0
Tibco ≫ Spotfire Server Version3.3.0
Tibco ≫ Spotfire Professional Version <= 4.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.67% | 0.737 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp
http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt