Unrated severityNVD Advisory· Published Nov 8, 2023· Updated Sep 4, 2024

TIBCO Spotfire Insufficiently Protected Credential vulnerability

CVE-2023-26221

Description

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.

Affected products

TIBCO Software/Spotfire Serverllm-fuzzy2 versions
= 12.3.0 / 12.4.0 / 12.5.0+ 1 more
- (no CPE)range: = 12.3.0 / 12.4.0 / 12.5.0
- (no CPE)range: 12.3.0
Spotfire/Spotfire For Aws Marketplacellm-fuzzy
Range: = 12.5.0
TIBCO Software/Spotfire Analystllm-fuzzy2 versions
= 12.3.0 / 12.4.0 / 12.5.0+ 1 more
- (no CPE)range: = 12.3.0 / 12.4.0 / 12.5.0
- (no CPE)range: 12.3.0
TIBCO Software/TIBCO Spotfire Analytics Platform for AWS Marketplacecpe-rescue
Range: 12.5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.tibco.com/services/support/advisoriesmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000