Skip to main content

Spotfire Statistics Services

7 CVEs product

Monthly

CVE-2025-3115 CRITICAL Act Now

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Spotfire Enterprise Runtime For R Spotfire Statistics Services Spotfire Analyst +3
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2023-29268 CRITICAL Act Now

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Spotfire Statistics Services
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-28830 HIGH This Week

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Enterprise Runtime For R Spotfire Analytics Platform Spotfire Server +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-23275 HIGH This Week

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Enterprise Runtime For R Spotfire Analytics Platform Spotfire Server +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-11204 HIGH This Week

The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Spotfire Statistics Services
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2018-12410 CRITICAL Act Now

The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Statistics Services
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2013-2371 MEDIUM This Month

The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Statistics Services
NVD
CVSS 2.0
5.0
EPSS
0.5%
EPSS 1% CVSS 9.4
CRITICAL Act Now

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Spotfire Enterprise Runtime For R +5
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Spotfire Statistics Services
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Enterprise Runtime For R +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Enterprise Runtime For R +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Spotfire Statistics Services
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Statistics Services
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Statistics Services
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy