CVE-2023-26221: Insufficiently Protected Credentials in Software INC Spotfire Analyst

Severity
NVD: 3.9 LOW
CNA: 5.0
EPSS: 0.1% (top 81.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 8

Description

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versio

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Exploitability: 1.3 | Impact: 2.5

Affected Packages (6 packages)

CVEListV5 | tibco_software_inc/spotfire_analyst | 12.3.0, 12.4.0, 12.5.0 (+2)
CVEListV5 | tibco_software_inc/spotfire_server | 12.3.0, 12.4.0, 12.5.0 (+2)
NVD | tibco/spotfire_analyst | 12.3.0, 12.4.0, 12.5.0 (+2)
NVD | tibco/spotfire_server | 12.3.0, 12.4.0, 12.5.0 (+2)

Vulnerability Details (2)

GHSA | GHSA-5fvg-7q6x-mgh2: The Spotfire Connectors component of TIBCO Software Inc | 2023-11-08
CVEList | TIBCO Spotfire Insufficiently Protected Credential vulnerability | 2023-11-08