PT-2021-15426 · Tibco · Tibco Spotfire Analyst and 3 other products
Published 2021-03-09 · Updated 2021-03-15 · CVE-2021-23273
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TIBCO Spotfire Analyst versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0
TIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.1.0 and below
TIBCO Spotfire Desktop versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0
TIBCO Spotfire Server versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0
Description
The Spotfire client component contains a vulnerability that theoretically allows a low-privileged attacker with network access to execute a stored Cross-Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker.
Recommendations
For TIBCO Spotfire Analyst versions 10.3.3 and below, update to a version above 10.3.3.
For TIBCO Spotfire Analyst versions 10.10.0, 10.10.1, and 10.10.2, update to a version above 10.10.2.
For TIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, update to a version above 11.1.0.
For TIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.1.0 and below, update to a version above 11.1.0.
For TIBCO Spotfire Desktop versions 10.3.3 and below, update to a version above 10.3.3.
For TIBCO Spotfire Desktop versions 10.10.0, 10.10.1, and 10.10.2, update to a version above 10.10.2.
For TIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, update to a version above 11.1.0.
For TIBCO Spotfire Server versions 10.3.11 and below, update to a version above 10.3.11.
For TIBCO Spotfire Server versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, update to a version above 10.10.3.
For TIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0, update to a version above 11.1.0.
As a temporary workaround, consider restricting access to the Spotfire client component until a patch is available.
Fix
XSS
Affected Products
Tibco Spotfire Analyst
Tibco Spotfire Analytics Platform For Aws Marketplace
Tibco Spotfire Desktop
Tibco Spotfire Server