
CVE-2022-30579: Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to Spotfire Server data and the ability to cause a partial denial of service. This vulnerability could allow an attacker to access resources other than the vulnerable system. Affects TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace.

Severity: High
Published: Tue Sep 20 2022 (09/20/2022, 18:55:08 UTC)
Source: CVE Database V5
Vendor/Project: TIBCO Software Inc.
Product: TIBCO Spotfire Analytics Platform for AWS Marketplace

Description

The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0.

AI-Powered Analysis

Last updated: 07/07/2025, 07:56:17 UTC

Technical Analysis

CVE-2022-30579 is a high-severity vulnerability affecting the Web Player component of TIBCO Software Inc.'s Spotfire Analytics Platform for AWS Marketplace and the TIBCO Spotfire Server, specifically version 12.0.0. This vulnerability is classified as a Server Side Request Forgery (SSRF) issue (CWE-918), which allows a low-privileged attacker with network access to the vulnerable system to induce the server to make HTTP requests to arbitrary internal or external resources. The exploitation is described as difficult, requiring some user interaction and high attack complexity, but it can lead to significant consequences. Successful exploitation can result in unauthorized update, insertion, or deletion of Spotfire Server data, effectively compromising data integrity. Additionally, it can cause a partial denial of service (DoS) on the affected system, impacting availability. The vulnerability also has the potential to allow attackers to access resources beyond the vulnerable system, indicating a scope that extends to other internal network assets or services. The CVSS v3.1 base score is 7.1 (high), with vector AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L, indicating network attack vector, high attack complexity, low privileges required, user interaction required, and a scope change. Confidentiality impact is low, integrity impact is high, and availability impact is low. No known exploits in the wild have been reported to date, and no patches were linked in the provided information, though it is expected that TIBCO would release updates or mitigations. The vulnerability affects a specific version (12.0.0) of the product, which is deployed on AWS Marketplace and possibly on-premises. The Web Player component is typically used to render and interact with analytics dashboards, so compromise here could affect business intelligence data and operations.

Potential Impact

For European organizations using TIBCO Spotfire Analytics Platform or Server version 12.0.0, this vulnerability poses a significant risk to the integrity and availability of critical analytics data. Unauthorized modification (update, insert, delete) of data could lead to corrupted business intelligence outputs, erroneous decision-making, and loss of trust in analytics systems. Partial denial of service could disrupt analytics availability, impacting operational continuity. The SSRF nature of the vulnerability also raises concerns about lateral movement or reconnaissance within internal networks, potentially exposing other sensitive resources. Given the importance of data analytics in sectors such as finance, manufacturing, healthcare, and government across Europe, exploitation could have wide-reaching operational and reputational consequences. Additionally, compliance with GDPR and other data protection regulations could be jeopardized if data integrity or availability is compromised. The requirement for user interaction and high attack complexity somewhat limits the ease of exploitation, but the low privilege needed and network accessibility mean that insider threats or targeted external attackers could leverage this vulnerability effectively.

Mitigation Recommendations

European organizations should immediately assess their deployment of TIBCO Spotfire Analytics Platform and Server to identify any instances running version 12.0.0. Although no patch links were provided, organizations should consult TIBCO's official security advisories and apply any available patches or updates promptly. In the absence of patches, organizations should consider the following mitigations:

1) Restrict network access to the Web Player component by implementing strict firewall rules and network segmentation to limit exposure to trusted users and systems only.
2) Employ Web Application Firewalls (WAFs) with custom rules to detect and block SSRF attack patterns targeting the Spotfire Web Player.
3) Monitor logs and network traffic for unusual outbound requests originating from the Spotfire server that could indicate SSRF exploitation attempts.
4) Enforce multi-factor authentication and least privilege principles for users accessing the Spotfire platform to reduce the risk of user interaction-based exploitation.
5) Conduct security awareness training to educate users about the risks of interacting with suspicious content that might trigger SSRF attacks.
6) If feasible, deploy the Spotfire platform in isolated environments or use virtual private clouds (VPCs) with strict egress controls to limit the ability of SSRF to reach internal resources.
7) Regularly review and update incident response plans to include scenarios involving SSRF and data integrity attacks on analytics platforms.
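Mitigation items 3 and 6 above come down to one question: is the Spotfire Web Player host making outbound requests to addresses it has no business reaching (private ranges, loopback, or the link-local AWS instance metadata endpoint)? The following is an added detection example, not code from the page or from TIBCO; the egress-proxy log format, the host name spotfire-webplayer-01 and the log lines are all constructed for illustration.

```python
"""Flag outbound requests from a Spotfire Web Player host whose destination is
an internal, loopback or link-local IP literal: the trace a blind SSRF leaves
in egress logs. Log format and host names are constructed for this example."""
import ipaddress
import re
from typing import Dict, List

# Constructed egress-proxy log lines: timestamp, source host, method, URL, status.
SAMPLE_LOG = """\
2025-07-07T07:50:01Z spotfire-webplayer-01 GET https://cdn.example.com/lib.js 200
2025-07-07T07:50:07Z spotfire-webplayer-01 GET http://169.254.169.254/latest/meta-data/ 200
2025-07-07T07:50:09Z spotfire-webplayer-01 POST http://10.20.30.40:8080/admin/api 401
2025-07-07T07:50:12Z spotfire-webplayer-01 GET https://api.example.com/v1/data 200
2025-07-07T07:50:15Z spotfire-webplayer-01 GET http://[fd00::1]/ 500
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)
# Host part of a URL: either a bracketed IPv6 literal or anything up to '/' or ':'.
URL_HOST_RE = re.compile(r"^[a-z]+://(?:\[(?P<v6>[^\]]+)\]|(?P<v4>[^/:]+))")


def destination_is_internal(url: str) -> bool:
    """True when the URL host is an IP literal in a private, link-local
    (which covers 169.254.169.254 instance metadata) or loopback range.
    Hostnames are treated as external; DNS-based tricks are out of scope."""
    m = URL_HOST_RE.match(url)
    if not m:
        return False
    host = m.group("v6") or m.group("v4")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal, e.g. cdn.example.com
        return False
    return ip.is_private or ip.is_link_local or ip.is_loopback


def find_ssrf_candidates(log_text: str) -> List[Dict[str, str]]:
    """Return the parsed log entries whose destination is internal."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and destination_is_internal(m.group("url")):
            hits.append(m.groupdict())
    return hits


if __name__ == "__main__":
    for hit in find_ssrf_candidates(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['host']} -> {hit['method']} {hit['url']} ({hit['status']})")
```

On the constructed sample this flags the metadata, RFC 1918 and IPv6 ULA requests and passes the two public CDN/API calls; in a real deployment the allowlist of legitimate internal destinations (license servers, data sources) has to be subtracted before alerting.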


Technical Details

Data Version: 5.1
Assigner Short Name: tibco
Date Reserved: 2022-05-11T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68373654182aa0cae2538124

Added to database: 5/28/2025, 4:14:12 PM

Last enriched: 7/7/2025, 7:56:17 AM

Last updated: 8/15/2025, 4:28:11 AM

