Vulnerability Details : CVE-2023-26221
The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.
Products affected by CVE-2023-26221
- cpe:2.3:a:tibco:spotfire_server:12.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:12.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:12.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_analyst:12.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_analyst:12.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_analyst:12.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_analytics_platform:12.5.0:*:*:*:*:aws_marketplace:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-26221
- 0.04%: probability of exploitation activity in the next 30 days
- ~7%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2023-26221
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.9 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N | 1.3 | 2.5 | NIST | |
5.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 1.8 | 2.7 | TIBCO Software Inc. | |
CWE ids for CVE-2023-26221
- The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Assigned by:
- nvd@nist.gov (Primary)
- security@tibco.com (Secondary)
References for CVE-2023-26221
- https://www.tibco.com/services/support/advisories
  Advisory | TIBCO Software (Vendor Advisory)