History: Nov 08, 2023 - 8:15 p.m.

CVE-2023-26221

2023-11-08 20:15:07
CWE-522
web.nvd.nist.gov

CVSS3: 5 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 4.2 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.0%)

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.

Affected configurations

NVD
Node
tibco spotfire_analyst Match 12.3.0
OR
tibco spotfire_analyst Match 12.4.0
OR
tibco spotfire_analyst Match 12.5.0
OR
tibco spotfire_analytics_platform Match 12.5.0 aws_marketplace
OR
tibco spotfire_server Match 12.3.0
OR
tibco spotfire_server Match 12.4.0
OR
tibco spotfire_server Match 12.5.0

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Spotfire Analyst",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "12.3.0"
      },
      {
        "status": "affected",
        "version": "12.4.0"
      },
      {
        "status": "affected",
        "version": "12.5.0"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "product": "Spotfire Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "12.3.0"
      },
      {
        "status": "affected",
        "version": "12.4.0"
      },
      {
        "status": "affected",
        "version": "12.5.0"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "product": "Spotfire for AWS Marketplace",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "12.5.0"
      }
    ]
  }
]
