CVE-2023-26221

Published: Nov 8, 2023Modified: Nov 21, 2024

3.9

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Exploitability: 1.3 / Impact: 2.5

Source: NVD

Description

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.

Affected (7)

Products: Tibco: Spotfire Analyst, Spotfire Analytics Platform, Spotfire Server

Tibco

3 products

Spotfire Analyst

Spotfire Analytics Platform

Spotfire Server

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Tibco Spotfire Analyst	Version 12.3.0
Tibco Spotfire Analyst	Version 12.4.0
Tibco Spotfire Analyst	Version 12.5.0
Tibco Spotfire Analytics Platform	Version 12.5.0
Tibco Spotfire Server	Version 12.3.0
Tibco Spotfire Server	Version 12.4.0
Tibco Spotfire Server	Version 12.5.0

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.tibco.com/services/support/advisories

Source: security@tibco.com

Vendor Advisory

https://www.tibco.com/services/support/advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.