PT-2023-20549 · Tibco Software · Spotfire For Aws Marketplace+2
Publicado
2023-11-08
·
Atualizado
2023-11-16
·
CVE-2023-26221
CVSS v3.1
5.0
Média
| Vetor | AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
TIBCO Software Inc.'s Spotfire Analyst versions 12.3.0 through 12.5.0
TIBCO Software Inc.'s Spotfire Server versions 12.3.0 through 12.5.0
TIBCO Software Inc.'s Spotfire for AWS Marketplace version 12.5.0
Description
The Spotfire Connectors component contains an easily exploitable issue that allows a low-privileged attacker with read/write access to craft malicious Analyst files. A successful attack requires human interaction from a person other than the attacker.
Recommendations
For TIBCO Software Inc.'s Spotfire Analyst versions 12.3.0 through 12.5.0, update to a version that contains a fix for this issue.
For TIBCO Software Inc.'s Spotfire Server versions 12.3.0 through 12.5.0, update to a version that contains a fix for this issue.
For TIBCO Software Inc.'s Spotfire for AWS Marketplace version 12.5.0, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the Spotfire Connectors component until a patch is available.
Correção
Insufficiently Protected Credentials
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Spotfire Analyst
Spotfire Server
Spotfire For Aws Marketplace