Overview
- Description
- The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.
- Source
- security@tibco.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 3.9
- Impact score
- 2.5
- Exploitability score
- 1.3
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
- Severity
- LOW
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "949054A7-A299-4C11-9E2B-7437D6C4D801"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C63E85E6-8519-4957-B55B-0B8F6E658B2B"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE433F55-79E4-438C-81C7-4CEEAEE1C442"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform:12.5.0:*:*:*:*:aws_marketplace:*:*",
"vulnerable": true,
"matchCriteriaId": "55B9367D-3938-4059-BABE-72322C2AE10C"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:12.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F7F5C30-950E-4483-8795-761C506BB549"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:12.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B67F529-EB21-4628-ADA2-56E76DA272EB"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:12.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "889EE133-0CEE-429F-A58E-1F310FB981B8"
}
],
"operator": "OR"
}
]
}
]