CVE-2021-23273
Published Mar 9, 2021
Last updated a year ago
Overview
- Description
- The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0.
- Source
- security@tibco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:analytics_platform:*:*:*:*:*:aws_marketplace:*:*",
"vulnerable": true,
"matchCriteriaId": "5AEB1299-AD20-4B5A-AD92-E2BD4AB0BD61",
"versionEndIncluding": "11.1.0"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EECB41F-9602-41C6-89AD-3567CCE6CD84",
"versionEndIncluding": "10.3.3"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "529B7D1D-3734-433F-87FF-EED082378421"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F102050-55D2-4DCC-AEA2-7EEF4042B23E"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7EC965E0-2B80-420F-AE1D-F68B4DB6C314"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2802ABF7-E503-4FBF-A8C1-D78DC167FB5C"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCE461AE-B840-41A1-BD45-75408316EFA4"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.10.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD5FEF12-1AF5-43FB-96CF-074FED42BDA9"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43B50563-341C-498B-85DB-A564DC4787EA"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:11.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16029A99-9B9C-4006-8314-67C8731BDCE1"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71D20203-4F5A-48AE-A3C9-517B94A9F596",
"versionEndIncluding": "10.3.3"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77D5AFBD-DD57-4744-BB81-0ABBDBDE0171"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3DEF011-D075-44CE-8D5B-E85562360E4C"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D25CEF2-A066-44B0-AE48-26C39A0A7507"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4399AF82-5A89-4DC0-866B-B70D21CE5C05"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82E01304-336B-4E87-8122-570DE139E06E"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.10.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68ED0B9D-699F-476A-AEFD-2CE5B8CA1C89"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9F866EB-F423-4491-951D-AF0A6681683A"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:11.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "04347EE2-37C4-44EC-A533-9518E793C15F"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C2F12D0-C533-49FA-84D8-3333DDD097A4",
"versionEndIncluding": "10.3.11"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28151CD2-540D-4D16-A894-082C2946FEF6"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "901B6B29-8644-43BC-BFAD-3229CD37FB9E"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1490724A-AF67-4037-B5D9-47477B58D765"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A962BD2-0CB0-4EE5-9904-362FDB9655D7"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0FA54B6E-D53B-4196-AAD4-1C551C635D62"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "047CA6DF-7CF2-4B6F-BDFD-DB1EC64D6C1E"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F5F724C-30A5-4BA3-9047-3B0DFE30B4BF"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA297F15-2B70-4A13-9D63-816FD3149A87"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58D5C32A-F10F-4237-99BB-163B4B7D6D1D"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:11.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B68BAB9A-2479-4C36-B12A-D9F5A6C98D0F"
}
],
"operator": "OR"
}
]
}
]