TIBCO Spotfire Server Authentication Module Unspecified Remote Code Execution

high Nessus Plugin ID 78392

Synopsis

The remote host is affected by a remote code execution vulnerability.

Description

The remote host is running a version of TIBCO Spotfire Server that is affected by a remote code execution vulnerability due to an unspecified flaw in the Authentication Module. A remote attacker can exploit this vulnerability to execute arbitrary code on the remote host, subject to the privileges of the account running the affected application.

Solution

Apply the relevant patch referenced in the vendor advisory.

See Also

http://www.nessus.org/u?584e9c5e

http://www.nessus.org/u?483d2c22

Plugin Details

Severity: High

ID: 78392

File Name: tibco_spotfire_server_6_0_2.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 10/13/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:tibco:spotfire_server

Required KB Items: installed_sw/TIBCO Spotfire Server

Exploit Ease: No exploit is required

Patch Publication Date: 4/9/2014

Vulnerability Publication Date: 4/9/2014

Reference Information

CVE: CVE-2014-2544

BID: 66763