Lucene search

TibcoCVE-2022-41558

HistoryNov 15, 2022 - 7:15 p.m.

CVE-2022-41558

2022-11-1519:15:36

CWE-79

tibco

web.nvd.nist.gov

cve-2022-41558

tibco

spotfire

vulnerability

stored xss

security

nvd

exploit

network access

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

22.7%

JSON

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 11.4.4 and below, TIBCO Spotfire Analyst: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Analyst: version 12.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 12.1.0 and below, TIBCO Spotfire Desktop: versions 11.4.4 and below, TIBCO Spotfire Desktop: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Desktop: version 12.1.0, TIBCO Spotfire Server: versions 11.4.8 and below, TIBCO Spotfire Server: versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1, and TIBCO Spotfire Server: version 12.1.0.

Affected configurations

Nvd

Node

tibcospotfire_analystRange≤11.4.4

tibcospotfire_analystMatch11.5.0

tibcospotfire_analystMatch11.6.0

tibcospotfire_analystMatch11.7.0

tibcospotfire_analystMatch11.8.0

tibcospotfire_analystMatch12.0.0

tibcospotfire_analystMatch12.0.1

tibcospotfire_analystMatch12.1.0

tibcospotfire_analytics_platformRange≤12.1.0aws_marketplace

tibcospotfire_desktopRange≤11.4.4

tibcospotfire_desktopMatch11.5.0

tibcospotfire_desktopMatch11.6.0

tibcospotfire_desktopMatch11.7.0

tibcospotfire_desktopMatch11.8.0

tibcospotfire_desktopMatch12.0.0

tibcospotfire_desktopMatch12.0.1

tibcospotfire_desktopMatch12.1.0

tibcospotfire_serverRange≤11.4.8

tibcospotfire_serverMatch11.5.0

tibcospotfire_serverMatch11.6.0

tibcospotfire_serverMatch11.6.1

tibcospotfire_serverMatch11.6.2

tibcospotfire_serverMatch11.6.3

tibcospotfire_serverMatch11.7.0

tibcospotfire_serverMatch11.8.0

tibcospotfire_serverMatch11.8.1

tibcospotfire_serverMatch12.0.0

tibcospotfire_serverMatch12.0.1

tibcospotfire_serverMatch12.1.0

VendorProductVersionCPE
tibcospotfire_analyst*cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*
tibcospotfire_analyst11.5.0cpe:2.3:a:tibco:spotfire_analyst:11.5.0:*:*:*:*:*:*:*
tibcospotfire_analyst11.6.0cpe:2.3:a:tibco:spotfire_analyst:11.6.0:*:*:*:*:*:*:*
tibcospotfire_analyst11.7.0cpe:2.3:a:tibco:spotfire_analyst:11.7.0:*:*:*:*:*:*:*
tibcospotfire_analyst11.8.0cpe:2.3:a:tibco:spotfire_analyst:11.8.0:*:*:*:*:*:*:*
tibcospotfire_analyst12.0.0cpe:2.3:a:tibco:spotfire_analyst:12.0.0:*:*:*:*:*:*:*
tibcospotfire_analyst12.0.1cpe:2.3:a:tibco:spotfire_analyst:12.0.1:*:*:*:*:*:*:*
tibcospotfire_analyst12.1.0cpe:2.3:a:tibco:spotfire_analyst:12.1.0:*:*:*:*:*:*:*
tibcospotfire_analytics_platform*cpe:2.3:a:tibco:spotfire_analytics_platform:*:*:*:*:*:aws_marketplace:*:*
tibcospotfire_desktop*cpe:2.3:a:tibco:spotfire_desktop:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tibco	spotfire_analyst	*	cpe:2.3:a:tibco:spotfire_analyst::::::::
tibco	spotfire_analyst	11.5.0	cpe:2.3:a:tibco:spotfire_analyst:11.5.0:::::::*
tibco	spotfire_analyst	11.6.0	cpe:2.3:a:tibco:spotfire_analyst:11.6.0:::::::*
tibco	spotfire_analyst	11.7.0	cpe:2.3:a:tibco:spotfire_analyst:11.7.0:::::::*
tibco	spotfire_analyst	11.8.0	cpe:2.3:a:tibco:spotfire_analyst:11.8.0:::::::*
tibco	spotfire_analyst	12.0.0	cpe:2.3:a:tibco:spotfire_analyst:12.0.0:::::::*
tibco	spotfire_analyst	12.0.1	cpe:2.3:a:tibco:spotfire_analyst:12.0.1:::::::*
tibco	spotfire_analyst	12.1.0	cpe:2.3:a:tibco:spotfire_analyst:12.1.0:::::::*
tibco	spotfire_analytics_platform	*	cpe:2.3:a:tibco:spotfire_analytics_platform::::::aws_marketplace::*
tibco	spotfire_desktop	*	cpe:2.3:a:tibco:spotfire_desktop::::::::

Rows per page:

1-10 of 291

CNA Affected

[
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Analyst",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "11.4.4",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Analyst",
    "versions": [
      {
        "version": "11.5.0",
        "status": "affected"
      },
      {
        "version": "11.6.0",
        "status": "affected"
      },
      {
        "version": "11.7.0",
        "status": "affected"
      },
      {
        "version": "11.8.0",
        "status": "affected"
      },
      {
        "version": "12.0.0",
        "status": "affected"
      },
      {
        "version": "12.0.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Analyst",
    "versions": [
      {
        "version": "12.1.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "12.1.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Desktop",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "11.4.4",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Desktop",
    "versions": [
      {
        "version": "11.5.0",
        "status": "affected"
      },
      {
        "version": "11.6.0",
        "status": "affected"
      },
      {
        "version": "11.7.0",
        "status": "affected"
      },
      {
        "version": "11.8.0",
        "status": "affected"
      },
      {
        "version": "12.0.0",
        "status": "affected"
      },
      {
        "version": "12.0.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Desktop",
    "versions": [
      {
        "version": "12.1.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Server",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "11.4.8",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Server",
    "versions": [
      {
        "version": "11.5.0",
        "status": "affected"
      },
      {
        "version": "11.6.0",
        "status": "affected"
      },
      {
        "version": "11.6.1",
        "status": "affected"
      },
      {
        "version": "11.6.2",
        "status": "affected"
      },
      {
        "version": "11.6.3",
        "status": "affected"
      },
      {
        "version": "11.7.0",
        "status": "affected"
      },
      {
        "version": "11.8.0",
        "status": "affected"
      },
      {
        "version": "11.8.1",
        "status": "affected"
      },
      {
        "version": "12.0.0",
        "status": "affected"
      },
      {
        "version": "12.0.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Server",
    "versions": [
      {
        "version": "12.1.0",
        "status": "affected"
      }
    ]
  }
]

References

www.tibco.com/services/support/advisories

www.tibco.com/support/advisories/2022/11/tibco-security-advisory-november-15-2022-tibco-spotfire-cve-2022-41558

Social References

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

22.7%

JSON

Related for CVE-2022-41558