Lucene search

[email protected]CVE-2023-26221

HistoryNov 08, 2023 - 8:15 p.m.

CVE-2023-26221

2023-11-0820:15:07

CWE-522

[email protected]

web.nvd.nist.gov

tibco

spotfire

connectors

vulnerability

cve-2023-26221

security

nvd

exploit

aws marketplace

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.

Affected configurations

NVD

Node

tibcospotfire_analystMatch12.3.0

tibcospotfire_analystMatch12.4.0

tibcospotfire_analystMatch12.5.0

tibcospotfire_analytics_platformMatch12.5.0aws_marketplace

tibcospotfire_serverMatch12.3.0

tibcospotfire_serverMatch12.4.0

tibcospotfire_serverMatch12.5.0

CPENameOperatorVersion
tibco:spotfire_analysttibco spotfire analysteq12.3.0
tibco:spotfire_analysttibco spotfire analysteq12.4.0
tibco:spotfire_analysttibco spotfire analysteq12.5.0
tibco:spotfire_analytics_platformtibco spotfire analytics platformeq12.5.0
tibco:spotfire_servertibco spotfire servereq12.3.0
tibco:spotfire_servertibco spotfire servereq12.4.0
tibco:spotfire_servertibco spotfire servereq12.5.0

CPE	Name	Operator	Version
tibco:spotfire_analyst	tibco spotfire analyst	eq	12.3.0
tibco:spotfire_analyst	tibco spotfire analyst	eq	12.4.0
tibco:spotfire_analyst	tibco spotfire analyst	eq	12.5.0
tibco:spotfire_analytics_platform	tibco spotfire analytics platform	eq	12.5.0
tibco:spotfire_server	tibco spotfire server	eq	12.3.0
tibco:spotfire_server	tibco spotfire server	eq	12.4.0
tibco:spotfire_server	tibco spotfire server	eq	12.5.0

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Spotfire Analyst",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "12.3.0"
      },
      {
        "status": "affected",
        "version": "12.4.0"
      },
      {
        "status": "affected",
        "version": "12.5.0"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "product": "Spotfire Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "12.3.0"
      },
      {
        "status": "affected",
        "version": "12.4.0"
      },
      {
        "status": "affected",
        "version": "12.5.0"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "product": "Spotfire for AWS Marketplace",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "12.5.0"
      }
    ]
  }
]

References

www.tibco.com/services/support/advisories

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-26221

prion1 cvelist1 nvd1