CVE-2021-23273

Published Mar 9, 2021

Last updated a year ago

CVSS medium 5.4

Overview

Description: The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0.
Source: security@tibco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tibco:analytics_platform:*:*:*:*:*:aws_marketplace:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AEB1299-AD20-4B5A-AD92-E2BD4AB0BD61",
            "versionEndIncluding": "11.1.0"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EECB41F-9602-41C6-89AD-3567CCE6CD84",
            "versionEndIncluding": "10.3.3"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "529B7D1D-3734-433F-87FF-EED082378421"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F102050-55D2-4DCC-AEA2-7EEF4042B23E"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EC965E0-2B80-420F-AE1D-F68B4DB6C314"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2802ABF7-E503-4FBF-A8C1-D78DC167FB5C"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCE461AE-B840-41A1-BD45-75408316EFA4"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD5FEF12-1AF5-43FB-96CF-074FED42BDA9"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:11.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43B50563-341C-498B-85DB-A564DC4787EA"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:11.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16029A99-9B9C-4006-8314-67C8731BDCE1"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71D20203-4F5A-48AE-A3C9-517B94A9F596",
            "versionEndIncluding": "10.3.3"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77D5AFBD-DD57-4744-BB81-0ABBDBDE0171"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3DEF011-D075-44CE-8D5B-E85562360E4C"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D25CEF2-A066-44B0-AE48-26C39A0A7507"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4399AF82-5A89-4DC0-866B-B70D21CE5C05"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82E01304-336B-4E87-8122-570DE139E06E"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68ED0B9D-699F-476A-AEFD-2CE5B8CA1C89"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_desktop:11.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9F866EB-F423-4491-951D-AF0A6681683A"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_desktop:11.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04347EE2-37C4-44EC-A533-9518E793C15F"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C2F12D0-C533-49FA-84D8-3333DDD097A4",
            "versionEndIncluding": "10.3.11"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:10.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28151CD2-540D-4D16-A894-082C2946FEF6"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:10.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "901B6B29-8644-43BC-BFAD-3229CD37FB9E"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:10.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1490724A-AF67-4037-B5D9-47477B58D765"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:10.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A962BD2-0CB0-4EE5-9904-362FDB9655D7"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FA54B6E-D53B-4196-AAD4-1C551C635D62"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "047CA6DF-7CF2-4B6F-BDFD-DB1EC64D6C1E"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F5F724C-30A5-4BA3-9047-3B0DFE30B4BF"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA297F15-2B70-4A13-9D63-816FD3149A87"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:11.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58D5C32A-F10F-4237-99BB-163B4B7D6D1D"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:11.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B68BAB9A-2479-4C36-B12A-D9F5A6C98D0F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References