CVE-2021-23273 — HIGH (8.0)

Q: How severe is CVE-2021-23273?

CVE-2021-23273 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-23273?

Check the references section above for vendor advisories and patch information. Affected products include: Tibco Analytics Platform, Tibco Spotfire Analyst, Tibco Spotfire Desktop, Tibco Spotfire Server.

Vulnerability Description

The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tibco	Analytics Platform	<= 11.1.0
Tibco	Spotfire Analyst	<= 10.3.3
Tibco	Spotfire Desktop	<= 10.3.3
Tibco	Spotfire Server	<= 10.3.11

Related Weaknesses (CWE)

CWE-79

References

http://www.tibco.com/services/support/advisoriesVendor Advisory
https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9Vendor Advisory
http://www.tibco.com/services/support/advisoriesVendor Advisory
https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9Vendor Advisory

FAQ

What is CVE-2021-23273?

CVE-2021-23273 is a vulnerability with a CVSS score of 8.0 (HIGH). The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulne...

How severe is CVE-2021-23273?

CVE-2021-23273 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-23273?

Check the references section above for vendor advisories and patch information. Affected products include: Tibco Analytics Platform, Tibco Spotfire Analyst, Tibco Spotfire Desktop, Tibco Spotfire Server.