HIGH✓ PATCH🇬🇧 English

CVE-2021-23273

CVSS 8.0v3.1pub. 2021-03-09upd. 2024-11-21

The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Tibco Analytics Platform

    APP
    Tibco
    ≤ 11.1.0
  • Tibco Spotfire Analyst

    APP
    Tibco
    10.10.010.10.110.10.210.7.010.8.010.9.011.0.011.1.0≤ 10.3.3
  • Tibco Spotfire Desktop

    APP
    Tibco
    10.10.010.10.110.10.210.7.010.8.010.9.011.0.011.1.0≤ 10.3.3
  • Tibco Spotfire Server

    APP
    Tibco
    10.10.010.10.110.10.210.10.310.7.010.8.010.8.110.9.011.0.011.1.0≤ 10.3.11
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2025-3115CRITICAL9.4PL ✓ten sam produkt

RCE w Tibco Spotfire — wstrzyknięcie kodu i nievalidowane nazwy plików

CVE-2022-41558CRITICAL9.0ten sam produkt

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Sp...

CVE-2017-3181CRITICAL9.8ten sam produkt

Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to pr...

CVE-2018-5435CRITICAL9.6ten sam produkt

The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotf...

CVE-2022-30579HIGH7.1ten sam produkt

The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TI...