Lucene search

[email protected]NVD:CVE-2023-26221

HistoryNov 08, 2023 - 8:15 p.m.

CVE-2023-26221

2023-11-0820:15:07

CWE-522

[email protected]

web.nvd.nist.gov

spotfire

tibco

connectors

vulnerability

exploitable

analyst

server

aws marketplace

3.9 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.0%

JSON

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.

Affected configurations

NVD

Node

tibcospotfire_analystMatch12.3.0

tibcospotfire_analystMatch12.4.0

tibcospotfire_analystMatch12.5.0

tibcospotfire_analytics_platformMatch12.5.0aws_marketplace

tibcospotfire_serverMatch12.3.0

tibcospotfire_serverMatch12.4.0

tibcospotfire_serverMatch12.5.0

References

www.tibco.com/services/support/advisories