CVE-2017-3181

Multiple TIBCO Spotfire components are vulnerable to multiple unspecified SQL-injection vulnerabilities because they fail to properly sanitize user-supplied input before using it in an SQL query.

Description

Multiple TIBCO products are prone to multiple unspecified SQL-injection vulnerabilities because they fail to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following products and versions are affected:

TIBCO Spotfire Analyst 7.7.0
TIBCO Spotfire Connectors 7.6.0
TIBCO Spotfire Deployment Kit 7.7.0
TIBCO Spotfire Desktop 7.6.0
TIBCO Spotfire Desktop 7.7.0
TIBCO Spotfire Desktop Developer Edition 7.7.0
TIBCO Spotfire Desktop Language Packs 7.6.0
TIBCO Spotfire Desktop Language Packs 7.7.0

The following components are affected:

TIBCO Spotfire Client
TIBCO Spotfire Web Player Client

CVSS: 9.8
Severity: Critical
EPSS 0.62%
Vendor Advisory: tibco.com
Affected: TIBCO Spotfire Analyst
Affected: TIBCO Spotfire Connectors
Affected: TIBCO Spotfire Deployment Kit
Affected: TIBCO Spotfire Desktop
Affected: TIBCO Spotfire Desktop Developer Edition
Affected: TIBCO Spotfire Desktop Language Packs
Affected: TIBCO Spotfire Web Player Client
Affected: TIBCO Spotfire Client

Frequently Asked Questions

What is the severity of CVE-2017-3181?
CVE-2017-3181 has been scored as a critical severity vulnerability.
How to fix CVE-2017-3181?
To fix CVE-2017-3181, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidance is available.
Is CVE-2017-3181 being actively exploited in the wild?
For now, there is no information confirming that CVE-2017-3181 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2017-3181?
CVE-2017-3181 affects TIBCO Spotfire Analyst, TIBCO Spotfire Connectors, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop Developer Edition, TIBCO Spotfire Desktop Language Packs, TIBCO Spotfire Web Player Client, TIBCO Spotfire Client.