#VU23655 Input validation error in TIBCO products - CVE-2019-17334
Published: December 18, 2019
Vulnerability identifier: #VU23655
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-17334
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
TIBCO Spotfire Analyst
TIBCO Spotfire for AWS
TIBCO Spotfire Deployment Kit
TIBCO Spotfire Desktop
TIBCO Spotfire Desktop Language Packs
TIBCO Spotfire Analyst
TIBCO Spotfire for AWS
TIBCO Spotfire Deployment Kit
TIBCO Spotfire Desktop
TIBCO Spotfire Desktop Language Packs
Software vendor:
TIBCO
TIBCO
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the Visualizations component when processing DXP files. A remote attacker can trick a victim to store the DXP files to the Spotfire library and execute arbitrary code on the target system.
Remediation
Install updates from vendor's website.