cbcvebase.
CVE-2023-29268
published 2023-04-26

CVE-2023-29268: The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker…

PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.03%
59.4th percentile
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.

Affected

26 ranges· showing 25
VendorProductVersion rangeFixed in
tibcospotfire_statistics_services< 11.4.1111.4.11
tibcospotfire_statistics_services
tibcospotfire_statistics_services
tibcospotfire_statistics_services
tibcospotfire_statistics_services
tibcospotfire_statistics_services
tibcospotfire_statistics_services
tibcospotfire_statistics_services
tibcospotfire_statistics_services
tibcospotfire_statistics_services
tibcospotfire_statistics_services
tibcospotfire_statistics_services
tibcospotfire_statistics_services
tibco_software_inctibco_spotfire_statistics_services<= 11.4.10
tibco_software_inctibco_spotfire_statistics_services
tibco_software_inctibco_spotfire_statistics_services
tibco_software_inctibco_spotfire_statistics_services
tibco_software_inctibco_spotfire_statistics_services
tibco_software_inctibco_spotfire_statistics_services
tibco_software_inctibco_spotfire_statistics_services
tibco_software_inctibco_spotfire_statistics_services
tibco_software_inctibco_spotfire_statistics_services
tibco_software_inctibco_spotfire_statistics_services
tibco_software_inctibco_spotfire_statistics_services
tibco_software_inctibco_spotfire_statistics_services
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.