History: Jun 29, 2021 - 6:15 p.m.

CVE-2021-28830

2021-06-29 18:15:08
web.nvd.nist.gov

CVSS2: 7.2 High

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 8.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 7.5 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.

Affected configurations

NVD
Node
tibco enterprise_runtime_for_r Range 1.2.4 server
OR
tibco enterprise_runtime_for_r Match 1.3.0 server
OR
tibco enterprise_runtime_for_r Match 1.3.1 server
OR
tibco enterprise_runtime_for_r Match 1.4.0 server
OR
tibco enterprise_runtime_for_r Match 1.5.0 server
OR
tibco enterprise_runtime_for_r Match 1.6.0 server
OR
tibco spotfire_analytics_platform Range 11.3.0 aws_marketplace
OR
tibco spotfire_server Range 10.3.12
OR
tibco spotfire_server Match 10.4.0
OR
tibco spotfire_server Match 10.5.0
OR
tibco spotfire_server Match 10.6.0
OR
tibco spotfire_server Match 10.6.1
OR
tibco spotfire_server Match 10.7.0
OR
tibco spotfire_server Match 10.8.0
OR
tibco spotfire_server Match 10.8.1
OR
tibco spotfire_server Match 10.9.0
OR
tibco spotfire_server Match 10.10.0
OR
tibco spotfire_server Match 10.10.1
OR
tibco spotfire_server Match 10.10.2
OR
tibco spotfire_server Match 10.10.3
OR
tibco spotfire_server Match 10.10.4
OR
tibco spotfire_server Match 11.0.0
OR
tibco spotfire_server Match 11.1.0
OR
tibco spotfire_server Match 11.2.0
OR
tibco spotfire_server Match 11.3.0
OR
tibco spotfire_statistics_services Range 10.3.0
OR
tibco spotfire_statistics_services Match 10.10.0
OR
tibco spotfire_statistics_services Match 10.10.1
OR
tibco spotfire_statistics_services Match 10.10.2
OR
tibco spotfire_statistics_services Match 11.1.0
OR
tibco spotfire_statistics_services Match 11.2.0
OR
tibco spotfire_statistics_services Match 11.3.0

CNA Affected

[
  {
    "product": "TIBCO Enterprise Runtime for R - Server Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "1.2.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Enterprise Runtime for R - Server Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "1.3.0"
      },
      {
        "status": "affected",
        "version": "1.3.1"
      }
    ]
  },
  {
    "product": "TIBCO Enterprise Runtime for R - Server Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "1.4.0"
      },
      {
        "status": "affected",
        "version": "1.5.0"
      },
      {
        "status": "affected",
        "version": "1.6.0"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "11.3.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "10.3.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "10.4.0"
      },
      {
        "status": "affected",
        "version": "10.5.0"
      },
      {
        "status": "affected",
        "version": "10.6.0"
      },
      {
        "status": "affected",
        "version": "10.6.1"
      },
      {
        "status": "affected",
        "version": "10.7.0"
      },
      {
        "status": "affected",
        "version": "10.8.0"
      },
      {
        "status": "affected",
        "version": "10.8.1"
      },
      {
        "status": "affected",
        "version": "10.9.0"
      },
      {
        "status": "affected",
        "version": "10.10.0"
      },
      {
        "status": "affected",
        "version": "10.10.1"
      },
      {
        "status": "affected",
        "version": "10.10.2"
      },
      {
        "status": "affected",
        "version": "10.10.3"
      },
      {
        "status": "affected",
        "version": "10.10.4"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "11.0.0"
      },
      {
        "status": "affected",
        "version": "11.1.0"
      },
      {
        "status": "affected",
        "version": "11.2.0"
      },
      {
        "status": "affected",
        "version": "11.3.0"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Statistics Services",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "10.3.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Statistics Services",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "10.10.0"
      },
      {
        "status": "affected",
        "version": "10.10.1"
      },
      {
        "status": "affected",
        "version": "10.10.2"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Statistics Services",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "11.1.0"
      },
      {
        "status": "affected",
        "version": "11.2.0"
      },
      {
        "status": "affected",
        "version": "11.3.0"
      }
    ]
  }
]
