CVE-2021-43051: Incorrect Authorization in Software INC Tibco Spotfire Server

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.2% (top 55.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 14; Latest update Dec 15

Description

The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Server: versions

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Exploitability: 0.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | tibco_software_inc/tibco_spotfire_server | unspecified | 10.10.6 | +8
NVD | tibco/spotfire_server | 10.10.6 | +8

Vulnerability Details (1)

GHSA
GHSA-j7vq-gw7g-j543: The Spotfire Server component of TIBCO Software Inc (2021-12-15)