CVE-2023-29268
Published Apr 26, 2023
Last updated 2 years ago
Overview
- Description
- The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.
- Source
- security@tibco.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- CWE-434
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65804033-AECA-41EC-8973-CAE190EF69BD",
"versionEndExcluding": "11.4.11"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D37E7A0-F21A-413E-AF65-59340520B6C4"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F3602DE-B5AB-4FFA-AAD9-8C42B00988F9"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "510E83A5-B777-4EE6-851C-F9BE10147594"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55EABB66-4B3D-4D72-B028-E40491CDC77C"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42A74F6C-267D-4B1F-BF66-A1F10B0B2A9E"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C677EA4-6EB9-4B9B-9E1E-97555AF1291F"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE304915-AE5B-45C7-BA5C-79AA880F1088"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D69CD443-28E2-4632-95D4-E5EB3F094768"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EAE9787-53AE-4A38-8223-1F7893CC3CEE"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3ECA9B9-6058-4CE5-9535-8ED98022FB74"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E78843D-BBB8-4558-9E56-75CE514FA143"
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA10C631-566D-46BF-93A5-A7A92266FC47"
}
],
"operator": "OR"
}
]
}
]