CVE-2021-28830 — Improper Privilege Management in Software INC Tibco Enterprise Runtime FOR R Server Edition

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

CNA8.8

EPSS

0.0%

top 90.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Enterprise Runtime FOR R Server Edition Tibco Software INC Tibco Spotfire Analytics Platform FOR AWS Marketplace Tibco Software INC Tibco Spotfire Server +5 more

Timeline

PublishedJun 29

Latest updateMay 24

Description

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerabili…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5tibco_software_inc/tibco_enterprise_runtime_for_r_server_editionunspecified — 1.2.4+5

▶CVEListV5tibco_software_inc/tibco_spotfire_serverunspecified — 10.3.12+17

▶CVEListV5tibco_software_inc/tibco_spotfire_statistics_servicesunspecified — 10.3.0+6

▶NVDtibco/spotfire_server10.3.12+17

▶NVDtibco/spotfire_statistics_services10.3.0+6

🔴Vulnerability Details

GHSA

GHSA-6rjr-cg8x-gc8f: The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc↗2022-05-24

▶

CVEList

TIBCO Spotfire Windows Platform Artifact Search vulnerability↗2021-06-29

▶