CVE-2014-2544
Last modified
CVE-2014-2544 is a vulnerability of currently unknown severity. Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors.. EPSS estimates a 3.04% chance of exploitation in the next 30 days.
Description
Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Web Player | <= 4.0.3 |
| Tibco | Web Player | 4.5.0 |
| Tibco | Web Player | 4.5.1 |
| Tibco | Web Player | 5.0.0 |
| Tibco | Web Player | 5.0.1 |
| Tibco | Web Player | 5.5.0 |
| Tibco | Web Player | 6.0.0 |
| Tibco | Automation Services | <= 4.0.3 |
| Tibco | Automation Services | 4.5.0 |
| Tibco | Automation Services | 4.5.1 |
| Tibco | Automation Services | 5.0.0 |
| Tibco | Automation Services | 5.0.1 |
| Tibco | Automation Services | 5.5.0 |
| Tibco | Automation Services | 6.0.0 |
| Tibco | Spotfire Server | <= 3.3.3 |
| Tibco | Spotfire Server | 4.5.0 |
| Tibco | Spotfire Server | 5.0.0 |
| Tibco | Spotfire Server | 5.0.1 |
| Tibco | Spotfire Server | 5.5.0 |
| Tibco | Spotfire Server | 6.0.0 |
| Tibco | Spotfire Server | 6.0.1 |
| Tibco | Spotfire Professional | <= 4.0.3 |
| Tibco | Spotfire Professional | 4.5.0 |
| Tibco | Spotfire Professional | 4.5.1 |
| Tibco | Spotfire Professional | 5.0.0 |
| Tibco | Spotfire Professional | 5.0.1 |
| Tibco | Spotfire Professional | 5.5.0 |
| Tibco | Spotfire Professional | 6.0.0 |
| Tibco | Analyst | <= 6.0.0 |
| Tibco | Desktop | <= 6.0.0 |
| Tibco | Deployment Kit | <= 4.0.3 |
| Tibco | Deployment Kit | 4.5.0 |
| Tibco | Deployment Kit | 4.5.1 |
| Tibco | Deployment Kit | 5.0.0 |
| Tibco | Deployment Kit | 5.0.1 |
| Tibco | Deployment Kit | 5.5.0 |
| Tibco | Deployment Kit | 6.0.0 |
References
- http://www.tibco.com/mk/advisory.jspVendor Advisory
- http://www.tibco.com/mk/advisory.jspVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-2544?
How severe is CVE-2014-2544?
How do I fix CVE-2014-2544?
Are you affected by CVE-2014-2544?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST