CVE-2022-30579 (GCVE-0-2022-30579)
Vulnerability from cvelistv5
Published
2022-09-20 18:55
Modified
2025-05-28 15:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to Spotfire Server data and the ability to cause a partial denial of service. This vulnerability could allow an attacker to access resources other than the vulnerable system.
Summary
The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace |
Version: 12.0.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:12.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-20-2022-tibco-spotfire-cve-2022-30579"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T15:59:40.087955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T15:59:43.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "12.0.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"datePublic": "2022-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Web Player component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to Spotfire Server data and the ability to cause a partial denial of service. This vulnerability could allow an attacker to access resources other than the vulnerable system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-20T19:06:20.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-20-2022-tibco-spotfire-cve-2022-30579"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 12.0.0: update to version 12.0.1 or later\nTIBCO Spotfire Server version 12.0.0: update to version 12.0.1 or later"
}
],
"source": {
"discovery": "Discovery statement"
},
"title": "TIBCO Spotfire Server Blind SSRF vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-09-20T17:00:00Z",
"ID": "CVE-2022-30579",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Blind SSRF vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Player component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to Spotfire Server data and the ability to cause a partial denial of service. This vulnerability could allow an attacker to access resources other than the vulnerable system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-20-2022-tibco-spotfire-cve-2022-30579",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-20-2022-tibco-spotfire-cve-2022-30579"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 12.0.0: update to version 12.0.1 or later\nTIBCO Spotfire Server version 12.0.0: update to version 12.0.1 or later"
}
],
"source": {
"discovery": "Discovery statement"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-30579",
"datePublished": "2022-09-20T18:55:08.406Z",
"dateReserved": "2022-05-11T00:00:00.000Z",
"dateUpdated": "2025-05-28T15:59:43.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.tibco.com/services/support/advisories\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-20-2022-tibco-spotfire-cve-2022-30579\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T06:56:12.867Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-30579\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-28T15:59:40.087955Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-28T15:59:37.053Z\"}}], \"cna\": {\"title\": \"TIBCO Spotfire Server Blind SSRF vulnerability\", \"source\": {\"discovery\": \"Discovery statement\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"TIBCO Software Inc.\", \"product\": \"TIBCO Spotfire Analytics Platform for AWS Marketplace\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.0.0\"}]}, {\"vendor\": \"TIBCO Software Inc.\", \"product\": \"TIBCO Spotfire Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.0.0\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"TIBCO has released updated versions of the affected components which address these issues.\\n\\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 12.0.0: update to version 12.0.1 or later\\nTIBCO Spotfire Server version 12.0.0: update to version 12.0.1 or later\"}], \"datePublic\": \"2022-09-20T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.tibco.com/services/support/advisories\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-20-2022-tibco-spotfire-cve-2022-30579\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Web Player component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to Spotfire Server data and the ability to cause a partial denial of service. This vulnerability could allow an attacker to access resources other than the vulnerable system.\"}]}], \"providerMetadata\": {\"orgId\": \"4f830c72-39e4-45f6-a99f-78cc01ae04db\", \"shortName\": \"tibco\", \"dateUpdated\": \"2022-09-20T19:06:20.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, \"source\": {\"discovery\": \"Discovery statement\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"12.0.0\", \"version_affected\": \"=\"}]}, \"product_name\": \"TIBCO Spotfire Analytics Platform for AWS Marketplace\"}, {\"version\": {\"version_data\": [{\"version_value\": \"12.0.0\", \"version_affected\": \"=\"}]}, \"product_name\": \"TIBCO Spotfire Server\"}]}, \"vendor_name\": \"TIBCO Software Inc.\"}]}}, \"solution\": [{\"lang\": \"en\", \"value\": \"TIBCO has released updated versions of the affected components which address these issues.\\n\\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 12.0.0: update to version 12.0.1 or later\\nTIBCO Spotfire Server version 12.0.0: update to version 12.0.1 or later\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.tibco.com/services/support/advisories\", \"name\": \"https://www.tibco.com/services/support/advisories\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-20-2022-tibco-spotfire-cve-2022-30579\", \"name\": \"https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-20-2022-tibco-spotfire-cve-2022-30579\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The Web Player component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to Spotfire Server data and the ability to cause a partial denial of service. This vulnerability could allow an attacker to access resources other than the vulnerable system.\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-30579\", \"STATE\": \"PUBLIC\", \"TITLE\": \"TIBCO Spotfire Server Blind SSRF vulnerability\", \"ASSIGNER\": \"security@tibco.com\", \"DATE_PUBLIC\": \"2022-09-20T17:00:00Z\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-30579\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-28T15:59:43.490Z\", \"dateReserved\": \"2022-05-11T00:00:00.000Z\", \"assignerOrgId\": \"4f830c72-39e4-45f6-a99f-78cc01ae04db\", \"datePublished\": \"2022-09-20T18:55:08.406Z\", \"assignerShortName\": \"tibco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…