CVE-2023-26220

Published Oct 10, 2023

Last updated a year ago

CVSS medium 5.4

Overview

Description: The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1.
Source: security@tibco.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79
security@tibco.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "841BE5EF-AA80-4864-8379-572F84D01CB1",
            "versionEndIncluding": "11.4.7"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:11.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6643BEFC-4C34-4D82-9451-79F2E2727230"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:11.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98448711-785E-483A-BC6A-5A5311C7FF63"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:11.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CB9F167-A6FF-46ED-9BCB-F4634ACB18B5"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:11.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E3122E8-7D53-4FE6-A38F-39ED821BC8BD"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12F5049F-F75D-45A3-A6A3-E22353721532"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F029AC1D-CB5B-4F2B-B255-EB98F7758232"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AD66F3D-4B7D-4C0A-A3DE-69C4A0D2B480"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F07C385A-55C6-4B35-9D1A-058958571530"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1CF7CAF-77B3-4FB8-AD50-E74999A5306E"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D671E2F-D211-4E0D-B351-92A08327E439"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD0A72BA-11DB-494E-9FBA-415253D878BE"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A54F9B1-432F-4BDF-8331-710EB7DC7DA0",
            "versionEndIncluding": "11.4.11"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:11.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50269188-015E-406A-90B8-5F113773A3D5"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:11.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBDD97C0-212A-4E53-9246-65ED746C6554"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:11.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E22936E-ADBE-4D1F-AB3E-574DDE9B26E0"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:11.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71EF8AB2-09E0-4235-B7A2-41867303ACA2"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:11.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2838D095-0DA8-4F1B-BAD4-D5A326C5D65C"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:11.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "014E0C2D-6601-478E-A5EF-D14789430A31"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:11.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5854EC01-743F-4B31-B51F-34DE3F4DDCFB"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:11.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "113FBC40-777B-4B99-A5BF-A40F6707AFD9"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:12.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "117AF754-4972-4254-A158-37B87C054DAF"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:12.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7619EE98-BAFF-4685-B434-4CD2966D6C2D"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:12.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7487265D-177D-40E5-8BBA-54224B9FFC96"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:12.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7722AC4-9856-403E-92A9-5CD0CFA57CDF"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:12.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A18039B-1EF0-4617-9579-509E611FA859"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:12.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FB4CDB7-3FA6-4441-94F6-CEA13BD8C811"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:12.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE8D46B2-D8C9-4FF9-A6FA-61B755241B12"
          },
          {
            "criteria": "cpe:2.3:a:tibco:spotfire_server:12.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8466B949-D760-46C3-BC9B-11489DA9773F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References