Security Advisory regarding TIBCO Spotfire Server

Article ID: KB0107997
Products: Spotfire Server
Versions: 10.10.6 and below; 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1; 11.5.0 and 11.6.0

Description

TIBCO Spotfire Server API Authorization Vulnerability

  Original release date: December 14, 2021
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains a difficult-to-exploit vulnerability that
  allows malicious custom API clients with network access to execute internal
  API operations outside the scope of those granted to them. A successful
  attack using this vulnerability requires human interaction from a person other
  than the attacker.


Impact

  In the worst case, if the interacting user is a privileged administrator,
  successful exploitation of this vulnerability can result in an attacker
  gaining full administrative access to the affected system.

  CVSS v3 Base Score: 7.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

Environment

  Products Affected

  TIBCO Spotfire Server versions 10.10.6 and below

  TIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and
    11.4.1

  TIBCO Spotfire Server versions 11.5.0 and 11.6.0

  The following component is affected:

  * Spotfire Server

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Spotfire Server versions 10.10.6 and below update to version 10.10.7
    or later

  TIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and
    11.4.1 update to version 11.4.2 or later

  TIBCO Spotfire Server versions 11.5.0 and 11.6.0 update to version 11.6.1 or
    later

Issue/Introduction

Security Advisory regarding TIBCO Spotfire Server API Authorization Vulnerability

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2021-43051