CVE-2017-5527

{"id": "CVE-2017-5527", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@tibco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2017-05-09T20:29:00.163", "references": [{"url": "http://www.securityfocus.com/bid/98398", "source": "security@tibco.com"}, {"url": "http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server", "tags": ["Vendor Advisory"], "source": "security@tibco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks."}, {"lang": "es", "value": "Spotfire Server versiones 7.0.X y anteriores a 7.0.2, versiones 7.5.x y anteriores a 7.5.1, versiones 7.6.x y anteriores a 7.6.1, versiones 7.7.x y anteriores a 7.7.1, y las versiones 7.8.x y anteriores a 7.8.1, y Spotfire Analytics Platform versi\u00f3n 7.8.0 y anteriores, de TIBCO para AWS Marketplace, contienen varias vulnerabilidades que pueden permitir a los usuarios autorizados realizar ataques de inyecci\u00f3n SQL."}], "lastModified": "2017-05-23T01:29:02.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1614C09A-D958-4F03-AAC7-C84D4D783688", "versionEndIncluding": "7.8.0"}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84EC1E4C-EA97-4892-BD26-23690194F693"}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C801DEF3-64D4-4FE0-A990-C59B2B1F1CD0"}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC043E53-0A6D-4CB9-A54F-459561A3ADCC"}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BFD4F32-E3FA-46BC-B927-C0333C27B6F6"}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FABB2EC-0B87-4C03-812D-CCF5DFD29CC7"}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0DEA557-475A-451E-B958-A15B6E7A5E71"}], "operator": "OR"}]}], "sourceIdentifier": "security@tibco.com"}