The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.…

The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0.

The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6.

The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2.

The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0.

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.

The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0.