Vulnerability Description
The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Spotfire Analyst | <= 11.4.7 |
| Tibco | Spotfire Server | <= 11.4.11 |
Related Weaknesses (CWE)
References
- https://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/services/support/advisoriesVendor Advisory
FAQ
What is CVE-2023-26220?
CVE-2023-26220 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to e...
How severe is CVE-2023-26220?
CVE-2023-26220 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-26220?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Spotfire Analyst, Tibco Spotfire Server.