Free Trial
Under attack ?

TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server

Overview :

The Spotfire library component of TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not “Script Author” group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0.

Affected Product(s) :

  • TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.8.0 and below.

  • TIBCO Spotfire Server versions 7.11.9 and below.

  • TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6.

  • TIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0 The following component is affected:

  • Spotfire library

Vulnerability Details :

TIBCO Spotfire Server Script Trust Problem Exposes Remote Code Execution Vulnerability (CVE-2020-9408)

Solution :

TIBCO has released updated versions of the affected systems which address this issue:

  • TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.8.0 and below update to version 10.8.1 or higher.

  • TIBCO Spotfire Server versions 7.11.9 and below update to version 7.11.10 or higher.

  • TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6 update to version 10.3.7 or higher.

  • TIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0 update to version 10.8.1 or higher.
Facebook
Twitter
LinkedIn
Linkedin X-twitter Facebook-f Youtube

Recent Blog Posts

Cybersecurity Awareness Month 2025
Layer 7 Attack Recovery Guide Step by Step (2025)
Top 12 Features Every MSSP Needs in a WAAP Platform (2025 Guide)
Top 8 Cybersecurity Challenges Indian Enterprises Face in 2025
Best Tools to Identify Broken Access Control in APIs

WAF Solution

Recent Case Studies

Government Institution Fortifies Data Defenses with Prophaze

Government Institution Fortifies Data Defenses with Prophaze

December 14, 2023
Prophaze's WAF Redefines Aerospace Security Standards

Prophaze’s WAF Redefines Aerospace Security Standards

December 14, 2023
Industrial IoT Breach mitigated by Prophaze

Industrial IoT Breach Mitigated by Prophaze

December 14, 2023

Recent Press Releases

Prophaze gartner 2025 strong performer waap api

Prophaze Recognized as a Strong Performer in Gartner Peer Insights™ Voice of the Customer 2025 for Cloud Web Application and API Protection

October 6, 2025
Indo Pak Cyber Attacks

India Cyber Attack: 85 Million Malicious Requests Blocked by Prophaze

May 20, 2025
Intel Prophaze Partnership

Intel’s 4th Gen Processors Power Prophaze’s New Era of Smarter, Faster Security

January 23, 2025