CRITICAL🇵🇱 Wersja polska

CVE-2023-29268

CVSS 9.8v3.1pub. 2023-04-26upd. 2025-01-30

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tibco Spotfire Statistics Services

    APP
    Tibco
    11.5.011.6.011.6.111.6.211.7.011.8.011.8.112.0.012.0.112.0.212.1.012.2.0< 11.4.11
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-3115CRITICAL9.4PL ✓ten sam produkt

RCE w Tibco Spotfire — wstrzyknięcie kodu i nievalidowane nazwy plików

CVE-2018-12410CRITICAL9.8ten sam produkt

The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilitie...

CVE-2021-23275HIGH8.8ten sam produkt

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, T...

CVE-2021-28830HIGH8.8ten sam produkt

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterpr...

CVE-2019-11204HIGH8.8ten sam produkt

The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerabili...