SNS Vulnerability

TIBCO Spotfire Products Multiple Vulnerabilities

Description

Multiple vulnerabilities have been reported in TIBCO Spotfire Analytics Server and TIBCO Spotfire Server, which can be exploited by malicious people to conduct cross-site scripting, session fixation, and SQL injection attacks.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) An error in the handling of sessions can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.
3) Certain unspecified input is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerabilities are reported in Spotfire Analytics Server versions prior to 10.1.1 and Spotfire Server versions 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.2.0, and 3.3.0.

Vulnerable Products

Vulnerable Software:
TIBCO Spotfire Analytics Server 10.xTIBCO Spotfire Server 3.x

Solution

Update to a fixed version.TIBCO Spotfire Analytics Server:Update to version 10.1.1.TIBCO Spotfire Server:Update to version 3.0.2, 3.1.2, 3.2.1, or 3.3.1.

CVE

CVE-2011-3134
CVE-2011-3133
CVE-2011-3132

References

http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
XSS - Prevention - POST : suspicious tag with event found in data	3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data	3.2.0
SQL injection Prevention - POST : suspicious SELECT statement in data	3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data	3.2.0
SQL injection Prevention - POST : possible version probing in data	3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL	3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL	3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data	3.2.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data	3.2.0
SQL injection Prevention - POST : suspicious CREATE statement in data	3.2.0
XSS - Prevention - POST : 'location' javascript object found in data	3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data	3.2.0
XSS - Prevention - POST : javascript code found in data	3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data	3.2.0
SQL injection Prevention - POST : suspicious UNION statement in data	3.2.0
XSS - Prevention - POST : code allowing cookie access found in data	3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data	3.2.0
SQL injection Prevention - POST : suspicious DROP statement in data	3.2.0
SQL injection Prevention - POST : suspicious INSERT statement in data	3.2.0
SQL injection Prevention - POST : suspicious OR statement in data	3.2.0
SQL injection Prevention - POST : suspicious EXEC statement in data	3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data	3.2.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data	3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data	3.2.0
SQL injection Prevention - POST : suspicious DECLARE statement in data	3.2.0
XSS - Prevention - POST : 'script' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data	3.2.0
SQL injection Prevention - POST : suspicious HAVING statement in data	3.2.0
SQL injection Prevention - POST : suspicious CAST statement in data	3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data	5.0.0
XSS - Prevention - POST : javascript code found in data	5.0.0
XSS - Prevention - POST : suspicious tag with event found in data	5.0.0
SQL injection Prevention - POST : suspicious UPDATE statement in data	5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data	5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data	5.0.0
XSS - Prevention - POST : 'location' javascript object found in data	5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data	5.0.0
XSS - Prevention - POST : code allowing cookie access found in data	5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data	5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data	5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data	5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data	5.0.0
XSS - Prevention - POST : 'script' tag found in data	5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data	5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data	5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data	5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data	5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data	5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data	5.0.0
SQL injection Prevention - POST : suspicious OR statement in data	5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data	5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data	5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data	5.0.0
SQL injection Prevention - POST : possible version probing in data	5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data	5.0.0

Risk level

Low

Vulnerability First Public Report Date

2011-09-01

Target Type

Client

Possible exploit

Remote