Vulnerability Details : CVE-2018-12410
The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.
Vulnerability category: Execute code
Products affected by CVE-2018-12410
- cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-12410
- EPSS score: 1.80% (probability of exploitation activity in the next 30 days)
- Percentile: ~88% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-12410
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | TIBCO Software Inc. | |
References for CVE-2018-12410
- http://www.securityfocus.com/bid/105558
  TIBCO Spotfire Statistics Services CVE-2018-12410 Multiple Remote Code Execution Vulnerabilities (Third Party Advisory; VDB Entry)
- https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics
  TIBCO Security Advisory: October 10, 2018 - TIBCO Spotfire Statistics Services | TIBCO Software (Third Party Advisory)