HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2022-30579

CVSS 7.1v3.1pub. 2022-09-20upd. 2025-05-28

The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
  • Tibco Spotfire Analytics Platform

    APP
    Tibco
    12.0.0
  • Tibco Spotfire Server

    APP
    Tibco
    12.0.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
SSRF
CWE
References

Related vulnerabilities

CVE-2025-3115CRITICAL9.4PL ✓ten sam produkt

RCE w Tibco Spotfire — wstrzyknięcie kodu i nievalidowane nazwy plików

CVE-2022-41558CRITICAL9.0ten sam produkt

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Sp...

CVE-2021-43051HIGH7.1ten sam produkt

The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO...

CVE-2021-23275HIGH8.8ten sam produkt

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, T...

CVE-2021-28830HIGH8.8ten sam produkt

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterpr...