Vulnerability Details : CVE-2011-3133
Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors.
Products affected by CVE-2011-3133
- cpe:2.3:a:tibco:spotfire_server:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_analytics_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_analytics_server:10.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3133
0.34%
Probability of exploitation activity in the next 30 days
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3133
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
References for CVE-2011-3133
- http://www.securitytracker.com/id?1025999 : TIBCO Spotfire Server Bugs Permits Cross-Site Scripting, Session Fixation, and Information Disclosure Attacks - SecurityTracker
- http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt : 404 Not Found (Vendor Advisory)
- http://www.tibco.com/services/support/advisories/default.jsp : Advisory | TIBCO Software (Vendor Advisory)