CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
22.7%
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0.
Vendor | Product | Version | CPE |
---|---|---|---|
tibco | analytics_platform | * | cpe:2.3:a:tibco:analytics_platform:*:*:*:*:*:aws_marketplace:*:* |
tibco | spotfire_analyst | * | cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:* |
tibco | spotfire_analyst | 10.7.0 | cpe:2.3:a:tibco:spotfire_analyst:10.7.0:*:*:*:*:*:*:* |
tibco | spotfire_analyst | 10.8.0 | cpe:2.3:a:tibco:spotfire_analyst:10.8.0:*:*:*:*:*:*:* |
tibco | spotfire_analyst | 10.9.0 | cpe:2.3:a:tibco:spotfire_analyst:10.9.0:*:*:*:*:*:*:* |
tibco | spotfire_analyst | 10.10.0 | cpe:2.3:a:tibco:spotfire_analyst:10.10.0:*:*:*:*:*:*:* |
tibco | spotfire_analyst | 10.10.1 | cpe:2.3:a:tibco:spotfire_analyst:10.10.1:*:*:*:*:*:*:* |
tibco | spotfire_analyst | 10.10.2 | cpe:2.3:a:tibco:spotfire_analyst:10.10.2:*:*:*:*:*:*:* |
tibco | spotfire_analyst | 11.0.0 | cpe:2.3:a:tibco:spotfire_analyst:11.0.0:*:*:*:*:*:*:* |
tibco | spotfire_analyst | 11.1.0 | cpe:2.3:a:tibco:spotfire_analyst:11.1.0:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
22.7%