TIBCO Spotfire Insufficiently Protected Credential vulnerability
CVE-2023-26221

5MEDIUM

Key Information:

Vendor: Tibco Software Inc.
Status: Spotfire Analyst; Spotfire Server; Spotfire For Aws Marketplace
Vendor: CVE Published:; 8 November 2023

Summary

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.

Affected Version(s)

Spotfire Analyst 12.3.0

Spotfire Analyst 12.4.0

Spotfire Analyst 12.5.0

References

https://www.tibco.com/services/support/advisories

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 8, 2023
Vulnerability Reserved
Feb 20, 2023

Collectors

NVD DatabaseMitre Database