CVE-2017-3181

Severity: Unknown. EPSS: 1.71%

CVE-2017-3181 is a vulnerability of currently unknown severity. Multiple TIBCO products are prone to multiple unspecified SQL-injection vulnerabilities because they fail to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. EPSS estimates a 1.71% chance of exploitation in the next 30 days.

Description

Multiple TIBCO products are prone to multiple unspecified SQL-injection vulnerabilities because they fail to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0; TIBCO Spotfire Connectors 7.6.0; TIBCO Spotfire Deployment Kit 7.7.0; TIBCO Spotfire Desktop 7.6.0; TIBCO Spotfire Desktop 7.7.0; TIBCO Spotfire Desktop Developer Edition 7.7.0; TIBCO Spotfire Desktop Language Packs 7.6.0; TIBCO Spotfire Desktop Language Packs 7.7.0.

The following components are affected: TIBCO Spotfire Client; TIBCO Spotfire Web Player Client.

Metrics

EPSS Probability
1.71%

74.5th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor  Product                          Versions
Tibco   Spotfire Analyst                 7.7.0
Tibco   Spotfire Client                  All versions
Tibco   Spotfire Connectors              7.6.0
Tibco   Spotfire Deployment Kit          7.7.0
Tibco   Spotfire Desktop                 7.6.0
Tibco   Spotfire Desktop                 7.7.0
Tibco   Spotfire Desktop Language Packs  7.6.0
Tibco   Spotfire Desktop Language Packs  7.7.0
Tibco   Spotfire Web Player Client       All versions

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2017-3181?
Multiple TIBCO products are prone to multiple unspecified SQL-injection vulnerabilities because they fail to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0; TIBCO Spotfire Connectors 7.6.0; TIBCO Spotfire Deployment Kit 7.7.0; TIBCO Spotfire Desktop 7.6.0; TIBCO Spotfire Desktop 7.7.0; TIBCO Spotfire Desktop Developer Edition 7.7.0; TIBCO Spotfire Desktop Language Packs 7.6.0; TIBCO Spotfire Desktop Language Packs 7.7.0. The following components are affected: TIBCO Spotfire Client; TIBCO Spotfire Web Player Client.
How severe is CVE-2017-3181?
Severity scoring for CVE-2017-3181 is pending analysis. The EPSS model estimates a 1.71% probability of exploitation in the next 30 days.
How do I fix CVE-2017-3181?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST