CVE-2015-4554
CVE-2015-4554 is a high-severity vulnerability in Tibco Spotfire Deployment Kit with a CVSS 2.0 base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 3% (88th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Tibco Spotfire Deployment Kit
- Published:
- Last modified:
Description
Multiple unspecified vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client in Spotfire Analyst before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Analytics Platform for AWS 6.5 and 7.0.x before 7.0.1; Spotfire Automation Services before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Deployment Kit before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Desktop before 6.5.2 and 7.0.x before 7.0.1; Spotfire Desktop Language Packs 7.0.x before 7.0.1; Spotfire Professional before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Web Player before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; and Silver Fabric Enabler for Spotfire Web Player before 2.1.1 allow remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors.
Frequently asked questions
- What is CVE-2015-4554?
- Multiple unspecified vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client in Spotfire Analyst before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Analytics Platform for AWS 6.5 and 7.0.x before 7.0.1; Spotfire Automation Services before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Deployment Kit before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Desktop before 6.5.2 and 7.0.x before 7.0.1; Spotfire Desktop Language Packs 7.0.x before 7.0.1; Spotfire Professional before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Web Player before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; and Silver Fabric Enabler for Spotfire Web Player before 2.1.1 allow remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors.
- How severe is CVE-2015-4554?
- CVE-2015-4554 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-2015-4554 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (88th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2015-4554?
- CVE-2015-4554 primarily affects Tibco Spotfire Deployment Kit. In total, 46 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2015-4554?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2015-4554 published?
- CVE-2015-4554 was published on 2015-07-21 and last updated on 2026-06-17.
References
- http://www.securitytracker.com/id/1033015
- http://www.tibco.com/assets/blt1fd126faba191a9f/2015-001-advisory.txt
- http://www.tibco.com/mk/advisory.jsp
Affected products (46)
- cpe:2.3:a:tibco:spotfire_deployment_kit:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_deployment_kit:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_deployment_kit:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_deployment_kit:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_deployment_kit:6.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_deployment_kit:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_deployment_kit:6.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_deployment_kit:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_professional:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_professional:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_professional:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_professional:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_professional:6.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_professional:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_professional:6.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_professional:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_web_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_web_player:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_web_player:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_web_player:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_web_player:6.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_web_player:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_web_player:6.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_web_player:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_desktop:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_desktop:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_desktop_language_packs:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_automation_services:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_automation_services:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_automation_services:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_automation_services:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_automation_services:6.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_automation_services:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_automation_services:6.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_automation_services:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_analyst:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_analyst:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_analyst:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_analyst:6.5.0:*:*:*:*:*:*:*
More vulnerabilities in Tibco Spotfire Deployment Kit
- CVE-2025-3115 — Critical (CVSS 9.8): Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing…
- CVE-2017-3181 — Critical (CVSS 9.8): Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly…
- CVE-2018-5435 — Critical (CVSS 9.6): The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire…
- CVE-2019-17334 — High (CVSS 8.0): The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS…
- CVE-2018-5437 — Medium (CVSS 6.8): The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire…
- CVE-2017-3180 — Medium (CVSS 5.4): Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to…