Security Advisory regarding TIBCO Spotfire


Article ID: KB0107936


Products Versions
Spotfire Server 12.3.0, 12.4.0 and 12.5.0

Description

TIBCO Security Advisory: November 8, 2023 - TIBCO Spotfire - CVE-2023-26221

TIBCO Spotfire Insufficiently Protected Credential vulnerability

Original release date: November 8, 2023
Last revised: —
CVE-2023-26221
Source: TIBCO Software Inc.

Description

The affected component, Spotfire Connectors, contains an easily exploitable vulnerability that allows a low-privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker.

Impact

Successful exploitation of this vulnerability allows an attacker to obtain the access tokens of authorized users.

CVSS v3.1 Base Score: 5.0 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Environment

Products Affected

  • TIBCO Spotfire Analyst versions 12.3.0, 12.4.0 and 12.5.0
  • TIBCO Spotfire Server versions 12.3.0, 12.4.0 and 12.5.0
  • TIBCO Spotfire Analytics Platform for AWS Marketplace 12.5.0

The following component is affected:

  • Spotfire Connectors

Resolution

Solution

TIBCO has released updated versions of the affected systems which address this issue:

  • TIBCO Spotfire Analyst versions 12.3.0, 12.4.0 and 12.5.0: update to Spotfire Analyst version 14.0.0 or later
  • TIBCO Spotfire Server versions 12.3.0, 12.4.0 and 12.5.0: update to Spotfire Server version 14.0.0 or later
  • TIBCO Spotfire Analytics Platform for AWS Marketplace 12.5.0: update to Spotfire for AWS Marketplace version 14.0.0 or later

Issue/Introduction

Security Advisory regarding TIBCO Spotfire Insufficiently Protected Credential vulnerability

Additional Information

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26221