CVE-2023-26221 — MEDIUM (5.0)

Vulnerability Description

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.

CVSS Score

5.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Tibco	Spotfire Analyst	12.3.0
Tibco	Spotfire Analytics Platform	12.5.0
Tibco	Spotfire Server	12.3.0

Related Weaknesses (CWE)

CWE-522

References

https://www.tibco.com/services/support/advisoriesVendor Advisory
https://www.tibco.com/services/support/advisoriesVendor Advisory

FAQ

What is CVE-2023-26221?

CVE-2023-26221 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged...

How severe is CVE-2023-26221?

CVE-2023-26221 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-26221?

Check the references section above for vendor advisories and patch information. Affected products include: Tibco Spotfire Analyst, Tibco Spotfire Analytics Platform, Tibco Spotfire Server.