CVE-2023-26221
Last modified
CVE-2023-26221 is a low-severity vulnerability rated 3.9/10 on the CVSS scale. The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. EPSS estimates a 0.19% chance of exploitation in the next 30 days.
Description
The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Spotfire Analyst | 12.3.0 |
| Tibco | Spotfire Analyst | 12.4.0 |
| Tibco | Spotfire Analyst | 12.5.0 |
| Tibco | Spotfire Analytics Platform | 12.5.0 |
| Tibco | Spotfire Server | 12.3.0 |
| Tibco | Spotfire Server | 12.4.0 |
| Tibco | Spotfire Server | 12.5.0 |
References
- https://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/services/support/advisoriesVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-26221?
How severe is CVE-2023-26221?
How do I fix CVE-2023-26221?
Are you affected by CVE-2023-26221?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST