Lucene search

[email protected]NVD:CVE-2021-23273

HistoryMar 09, 2021 - 9:15 p.m.

CVE-2021-23273

2021-03-0921:15:14

CWE-79

[email protected]

web.nvd.nist.gov

spotfire

tibco

xss

vulnerability

network access

analyst

analytics platform

desktop

server

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0.

Affected configurations

Nvd

Node

tibcoanalytics_platformRange≤11.1.0aws_marketplace

tibcospotfire_analystRange≤10.3.3

tibcospotfire_analystMatch10.7.0

tibcospotfire_analystMatch10.8.0

tibcospotfire_analystMatch10.9.0

tibcospotfire_analystMatch10.10.0

tibcospotfire_analystMatch10.10.1

tibcospotfire_analystMatch10.10.2

tibcospotfire_analystMatch11.0.0

tibcospotfire_analystMatch11.1.0

tibcospotfire_desktopRange≤10.3.3

tibcospotfire_desktopMatch10.7.0

tibcospotfire_desktopMatch10.8.0

tibcospotfire_desktopMatch10.9.0

tibcospotfire_desktopMatch10.10.0

tibcospotfire_desktopMatch10.10.1

tibcospotfire_desktopMatch10.10.2

tibcospotfire_desktopMatch11.0.0

tibcospotfire_desktopMatch11.1.0

tibcospotfire_serverRange≤10.3.11

tibcospotfire_serverMatch10.7.0

tibcospotfire_serverMatch10.8.0

tibcospotfire_serverMatch10.8.1

tibcospotfire_serverMatch10.9.0

tibcospotfire_serverMatch10.10.0

tibcospotfire_serverMatch10.10.1

tibcospotfire_serverMatch10.10.2

tibcospotfire_serverMatch10.10.3

tibcospotfire_serverMatch11.0.0

tibcospotfire_serverMatch11.1.0

VendorProductVersionCPE
tibcoanalytics_platform*cpe:2.3:a:tibco:analytics_platform:*:*:*:*:*:aws_marketplace:*:*
tibcospotfire_analyst*cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*
tibcospotfire_analyst10.7.0cpe:2.3:a:tibco:spotfire_analyst:10.7.0:*:*:*:*:*:*:*
tibcospotfire_analyst10.8.0cpe:2.3:a:tibco:spotfire_analyst:10.8.0:*:*:*:*:*:*:*
tibcospotfire_analyst10.9.0cpe:2.3:a:tibco:spotfire_analyst:10.9.0:*:*:*:*:*:*:*
tibcospotfire_analyst10.10.0cpe:2.3:a:tibco:spotfire_analyst:10.10.0:*:*:*:*:*:*:*
tibcospotfire_analyst10.10.1cpe:2.3:a:tibco:spotfire_analyst:10.10.1:*:*:*:*:*:*:*
tibcospotfire_analyst10.10.2cpe:2.3:a:tibco:spotfire_analyst:10.10.2:*:*:*:*:*:*:*
tibcospotfire_analyst11.0.0cpe:2.3:a:tibco:spotfire_analyst:11.0.0:*:*:*:*:*:*:*
tibcospotfire_analyst11.1.0cpe:2.3:a:tibco:spotfire_analyst:11.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tibco	analytics_platform	*	cpe:2.3:a:tibco:analytics_platform::::::aws_marketplace::*
tibco	spotfire_analyst	*	cpe:2.3:a:tibco:spotfire_analyst::::::::
tibco	spotfire_analyst	10.7.0	cpe:2.3:a:tibco:spotfire_analyst:10.7.0:::::::*
tibco	spotfire_analyst	10.8.0	cpe:2.3:a:tibco:spotfire_analyst:10.8.0:::::::*
tibco	spotfire_analyst	10.9.0	cpe:2.3:a:tibco:spotfire_analyst:10.9.0:::::::*
tibco	spotfire_analyst	10.10.0	cpe:2.3:a:tibco:spotfire_analyst:10.10.0:::::::*
tibco	spotfire_analyst	10.10.1	cpe:2.3:a:tibco:spotfire_analyst:10.10.1:::::::*
tibco	spotfire_analyst	10.10.2	cpe:2.3:a:tibco:spotfire_analyst:10.10.2:::::::*
tibco	spotfire_analyst	11.0.0	cpe:2.3:a:tibco:spotfire_analyst:11.0.0:::::::*
tibco	spotfire_analyst	11.1.0	cpe:2.3:a:tibco:spotfire_analyst:11.1.0:::::::*

Rows per page:

1-10 of 301

References

www.tibco.com/services/support/advisories

www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9-2021-tibco-spotfire

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for NVD:CVE-2021-23273

cve1 prion1 cvelist1