Security Advisory regarding TIBCO Spotfire

Article ID: KB0108026

Updated On:

Products          Versions
Spotfire Analyst  10.3.3 and below, 10.10.0, 10.10.1, and 10.10.2, 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0
Spotfire Server   10.3.3 and below, 10.10.0, 10.10.1, and 10.10.2, 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0

Description

TIBCO Spotfire Cross Site Scripting Vulnerability

  Original release date: March 9, 2021
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains a vulnerability that theoretically allows
  a low privileged attacker with network access to execute a stored Cross Site
  Scripting (XSS) attack on the affected system. A successful attack using this
  vulnerability requires human interaction from a person other than the
  attacker.


Impact

  The impact of this vulnerability includes the theoretical possibility that an
  attacker gains access, including potentially administrative access, to the
  affected system.

  CVSS v3 Base Score: 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

Issue/Introduction

Security Advisory regarding TIBCO Spotfire Cross Site Scripting Vulnerability

Environment

Products Affected

  TIBCO Spotfire Analyst versions 10.3.3 and below
  TIBCO Spotfire Analyst versions 10.10.0, 10.10.1, and 10.10.2
  TIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0

  TIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.1.0 and
    below

  TIBCO Spotfire Desktop versions 10.3.3 and below
  TIBCO Spotfire Desktop versions 10.10.0, 10.10.1, and 10.10.2
  TIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0

  TIBCO Spotfire Server versions 10.3.11 and below
  TIBCO Spotfire Server versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3
  TIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and
    11.1.0

  The following component is affected:

    * Spotfire client

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Spotfire Analyst versions 10.3.3 and below update to version 10.3.4 or
    higher
  TIBCO Spotfire Analyst versions 10.10.0, 10.10.1, and 10.10.2 update to
    version 10.10.3 or higher
  TIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0
    update to version 11.2.0 or higher

  TIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.1.0 and
    below update to version 11.2.0 or higher

  TIBCO Spotfire Desktop versions 10.3.3 and below update to version 10.3.4 or
    higher
  TIBCO Spotfire Desktop versions 10.10.0, 10.10.1, and 10.10.2 update to
    version 10.10.3 or higher
  TIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0
    update to version 11.2.0 or higher

  TIBCO Spotfire Server versions 10.3.11 and below update to version 10.3.12
    or higher
  TIBCO Spotfire Server versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3 update
    to version 10.10.4 or higher
  TIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and
    11.1.0 update to version 11.2.0 or higher
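
  Added example (not part of TIBCO's advisory): a Python triage of an
  installed-version inventory against the version lists in the Resolution
  section above, comparing versions numerically so that 10.10.x is not
  mistaken for "10.3.3 and below". The product keys and the sample
  inventory are constructed for illustration.

```python
import re

def parse(version):
    """'10.10.2' -> (10, 10, 2), so comparison is numeric rather than textual."""
    nums = re.findall(r"\d+", version)
    if len(nums) < 3:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(n) for n in nums[:3])  # assumption: first three fields identify the release

# Transcribed from the Resolution section. "max" = "<version> and below",
# "set" = the exact versions listed. Product keys are hypothetical labels.
CLIENT = [("max", ["10.3.3"], "10.3.4"),
          ("set", ["10.10.0", "10.10.1", "10.10.2"], "10.10.3"),
          ("set", ["10.7.0", "10.8.0", "10.9.0", "11.0.0", "11.1.0"], "11.2.0")]
RULES = {
    "analyst": CLIENT,
    "desktop": CLIENT,
    "aws-marketplace": [("max", ["11.1.0"], "11.2.0")],
    "server": [("max", ["10.3.11"], "10.3.12"),
               ("set", ["10.10.0", "10.10.1", "10.10.2", "10.10.3"], "10.10.4"),
               ("set", ["10.7.0", "10.8.0", "10.8.1", "10.9.0", "11.0.0", "11.1.0"],
                "11.2.0")],
}

def fix_for(product, version):
    """Minimum fixed version if the advisory lists `version` as affected, else None.
    None means "not listed as affected here", not "verified safe"."""
    v = parse(version)
    for kind, versions, fixed in RULES[product]:
        listed = [parse(x) for x in versions]
        if (kind == "max" and v <= listed[0]) or (kind == "set" and v in listed):
            return fixed
    return None

def triage(inventory):
    """Attach the upgrade target (or None) to each (host, product, version) row."""
    return [(h, p, v, fix_for(p, v)) for h, p, v in inventory]

INVENTORY = [  # constructed sample hosts, not from the advisory
    ("ws-01", "analyst", "10.10.3"),   # fixed release; a string compare would flag it
    ("ws-02", "desktop", "10.3.3"),
    ("srv-01", "server", "10.10.3"),
    ("srv-02", "server", "10.3.12"),
    ("ws-03", "analyst", "10.5.0"),    # not listed in the advisory either way
]

if __name__ == "__main__":
    for host, product, version, fixed in triage(INVENTORY):
        status = f"AFFECTED, update to {fixed} or higher" if fixed else "not listed as affected"
        print(f"{host:7} {product:8} {version:8} {status}")
```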
 

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2021-23273