Search criteria
2 vulnerabilities found for Spotfire for AWS Marketplace by TIBCO Software Inc.
CVE-2023-26221 (GCVE-0-2023-26221)
Vulnerability from nvd – Published: 2023-11-08 19:44 – Updated: 2024-09-04 15:46
VLAI?
Title
TIBCO Spotfire Insufficiently Protected Credential vulnerability
Summary
The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.
Severity ?
5 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | Spotfire Analyst |
Affected:
12.3.0
Affected: 12.4.0 Affected: 12.5.0 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:23.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T15:46:35.719041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T15:46:47.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "12.3.0"
},
{
"status": "affected",
"version": "12.4.0"
},
{
"status": "affected",
"version": "12.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "12.3.0"
},
{
"status": "affected",
"version": "12.4.0"
},
{
"status": "affected",
"version": "12.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "12.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Spotfire Connectors component of TIBCO Software Inc.\u0027s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.\u003c/p\u003e"
}
],
"value": "The Spotfire Connectors component of TIBCO Software Inc.\u0027s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-08T19:44:03.634Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTIBCO has released updated versions of the affected components which address these issues.\u003c/p\u003e\u003cp\u003eSpotfire Analyst versions 12.3.0, 12.4.0, and 12.5.0: update to version 14.0.0 or later\u003c/p\u003e\u003cp\u003eSpotfire Server versions 12.3.0, 12.4.0, and 12.5.0: update to version 14.0.0 or later\u003c/p\u003e\u003cp\u003eSpotfire for AWS Marketplace version 12.5.0: update to version 14.0.0 or later\u003c/p\u003e"
}
],
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nSpotfire Analyst versions 12.3.0, 12.4.0, and 12.5.0: update to version 14.0.0 or later\n\nSpotfire Server versions 12.3.0, 12.4.0, and 12.5.0: update to version 14.0.0 or later\n\nSpotfire for AWS Marketplace version 12.5.0: update to version 14.0.0 or later\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Insufficiently Protected Credential vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2023-26221",
"datePublished": "2023-11-08T19:44:03.634Z",
"dateReserved": "2023-02-20T22:18:23.428Z",
"dateUpdated": "2024-09-04T15:46:47.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26221 (GCVE-0-2023-26221)
Vulnerability from cvelistv5 – Published: 2023-11-08 19:44 – Updated: 2024-09-04 15:46
VLAI?
Title
TIBCO Spotfire Insufficiently Protected Credential vulnerability
Summary
The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.
Severity ?
5 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | Spotfire Analyst |
Affected:
12.3.0
Affected: 12.4.0 Affected: 12.5.0 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:23.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T15:46:35.719041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T15:46:47.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "12.3.0"
},
{
"status": "affected",
"version": "12.4.0"
},
{
"status": "affected",
"version": "12.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "12.3.0"
},
{
"status": "affected",
"version": "12.4.0"
},
{
"status": "affected",
"version": "12.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "12.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Spotfire Connectors component of TIBCO Software Inc.\u0027s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.\u003c/p\u003e"
}
],
"value": "The Spotfire Connectors component of TIBCO Software Inc.\u0027s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-08T19:44:03.634Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTIBCO has released updated versions of the affected components which address these issues.\u003c/p\u003e\u003cp\u003eSpotfire Analyst versions 12.3.0, 12.4.0, and 12.5.0: update to version 14.0.0 or later\u003c/p\u003e\u003cp\u003eSpotfire Server versions 12.3.0, 12.4.0, and 12.5.0: update to version 14.0.0 or later\u003c/p\u003e\u003cp\u003eSpotfire for AWS Marketplace version 12.5.0: update to version 14.0.0 or later\u003c/p\u003e"
}
],
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nSpotfire Analyst versions 12.3.0, 12.4.0, and 12.5.0: update to version 14.0.0 or later\n\nSpotfire Server versions 12.3.0, 12.4.0, and 12.5.0: update to version 14.0.0 or later\n\nSpotfire for AWS Marketplace version 12.5.0: update to version 14.0.0 or later\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Insufficiently Protected Credential vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2023-26221",
"datePublished": "2023-11-08T19:44:03.634Z",
"dateReserved": "2023-02-20T22:18:23.428Z",
"dateUpdated": "2024-09-04T15:46:47.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}