CVE-2021-23275 — Incorrect Permission Assignment in Software INC Tibco Enterprise Runtime FOR R Server Edition

CWE-732 — Incorrect Permission Assignment CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

CNA8.8

EPSS

0.0%

top 92.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Enterprise Runtime FOR R Server Edition Tibco Software INC Tibco Spotfire Analytics Platform FOR AWS Marketplace Tibco Software INC Tibco Spotfire Server +5 more

Timeline

PublishedJun 29

Latest updateMay 24

Description

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low p…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5tibco_software_inc/tibco_enterprise_runtime_for_r_server_editionunspecified — 1.2.4+5

▶CVEListV5tibco_software_inc/tibco_spotfire_serverunspecified — 10.3.12+17

▶CVEListV5tibco_software_inc/tibco_spotfire_statistics_servicesunspecified — 10.3.0+6

▶NVDtibco/spotfire_server10.3.12+17

▶NVDtibco/spotfire_statistics_services10.3.0+6

🔴Vulnerability Details

GHSA

GHSA-vm2c-v328-xcwc: The Windows Installation component of TIBCO Software Inc↗2022-05-24

▶

CVEList

TIBCO Spotfire Windows Platform Installation vulnerability↗2021-06-29

▶