TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability
CVE-2023-29268

9.8CRITICAL

Key Information:

Vendor: TIBCO Software Inc.
Status: TIBCO Spotfire Statistics Services
Vendor: CVE Published:; 26 April 2023

Summary

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.

Affected Version(s)

TIBCO Spotfire Statistics Services 0 <= 11.4.10

TIBCO Spotfire Statistics Services 11.5.0

TIBCO Spotfire Statistics Services 11.6.0

References

https://www.tibco.com/services/support/advisories

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 26, 2023
Vulnerability Reserved
Apr 4, 2023

Collectors

NVD DatabaseMitre Database