CVE-2023-29268

Published: Apr 26, 2023Modified: Jan 30, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.

Affected (13)

Products: Tibco: Spotfire Statistics Services

Tibco

1 product

Spotfire Statistics Services

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Tibco Spotfire Statistics Services	Before 11.4.11
Tibco Spotfire Statistics Services	Version 11.5.0
Tibco Spotfire Statistics Services	Version 11.6.0
Tibco Spotfire Statistics Services	Version 11.6.1
Tibco Spotfire Statistics Services	Version 11.6.2
Tibco Spotfire Statistics Services	Version 11.7.0
Tibco Spotfire Statistics Services	Version 11.8.0
Tibco Spotfire Statistics Services	Version 11.8.1
Tibco Spotfire Statistics Services	Version 12.0.0
Tibco Spotfire Statistics Services	Version 12.0.1
Tibco Spotfire Statistics Services	Version 12.0.2
Tibco Spotfire Statistics Services	Version 12.1.0
Tibco Spotfire Statistics Services	Version 12.2.0

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.tibco.com/services/support/advisories

Source: security@tibco.com

Vendor Advisory

https://www.tibco.com/services/support/advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.