CVE-2021-23273
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD
Description
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0.
Affected (30)
Products: Tibco: Analytics Platform, Spotfire Analyst, Spotfire Desktop, Spotfire Server
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 11.1.0 | |
| Up to 10.3.3 | |
| Up to 10.3.3 | |
| Up to 10.3.11 |
References (4)
https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9-2021-tibco-spotfire
Source: security@tibco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9-2021-tibco-spotfire
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.