PT-2021-23737 · Tibco · Tibco Spotfire Server

Published

2021-12-14

·

Updated

2022-07-12

·

CVE-2021-43051

CVSS v2.0

8.5

High

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

TIBCO Spotfire Server versions 10.10.6 and below
TIBCO Spotfire Server versions 11.0.0 through 11.4.1
TIBCO Spotfire Server versions 11.5.0 through 11.6.0
Description

The Spotfire Server component contains a difficult-to-exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside the scope granted to them. A successful attack using this vulnerability requires human interaction from a person other than the attacker.
Recommendations

For TIBCO Spotfire Server versions 10.10.6 and below, update to a version above 10.10.6.
For TIBCO Spotfire Server versions 11.0.0 through 11.4.1, update to a version above 11.4.1.
For TIBCO Spotfire Server versions 11.5.0 through 11.6.0, update to a version above 11.6.0.

As a temporary workaround until the update is applied, consider restricting access to internal API operations to minimize the risk of exploitation.
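To turn the affected-version ranges and the matching update advice above into a check that can be run against a server inventory, here is an added Python example; it is not TIBCO's code and is not part of this advisory. It assumes Spotfire Server versions are reported as dotted integers such as 11.4.1: shorter strings are zero-padded (11.4 compares as 11.4.0), and a build with more components than a range's upper bound (for example 11.4.1.1) compares above that bound and is treated as fixed, which is an assumption based on the advisory's "update to a version above" wording. The three ranges are the only ones the advisory lists; any version outside them is reported as not affected.

```python
"""Classify a TIBCO Spotfire Server version against the affected ranges
published for CVE-2021-43051. Added example, not vendor code."""

from typing import Optional, Tuple

Version = Tuple[int, ...]

# Inclusive (low, high) bounds taken from the advisory text.
# "10.10.6 and below" has no lower bound, so it starts at (0,).
AFFECTED_RANGES = [
    ((0,), (10, 10, 6)),
    ((11, 0, 0), (11, 4, 1)),
    ((11, 5, 0), (11, 6, 0)),
]


def parse_version(text: str) -> Version:
    """Turn '11.4.1' into (11, 4, 1); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(v: Version, n: int) -> Version:
    """Right-pad with zeros so (11, 4) compares as (11, 4, 0)."""
    return v + (0,) * (n - len(v))


def affected_range(text: str) -> Optional[Tuple[Version, Version]]:
    """Return the advisory range containing this version, or None."""
    v = parse_version(text)
    for low, high in AFFECTED_RANGES:
        n = max(len(v), len(low), len(high))
        # Tuple comparison is lexicographic, so a fourth component
        # above the range's upper bound (11.4.1.1) falls outside it.
        if _pad(low, n) <= _pad(v, n) <= _pad(high, n):
            return low, high
    return None


def is_affected(text: str) -> bool:
    return affected_range(text) is not None


def remediation(text: str) -> Optional[str]:
    """Advisory-style update guidance for an affected version, else None."""
    found = affected_range(text)
    if found is None:
        return None
    _, high = found
    return "update to a version above " + ".".join(str(x) for x in high)


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("bi-01", "10.10.6"), ("bi-02", "11.4.2"), ("bi-03", "11.6.0")]:
        print(host, ver, "AFFECTED:" if is_affected(ver) else "not affected",
              remediation(ver) or "")
```

The check is deliberately limited to the ranges the advisory states; a version such as 10.11.0 that no listed range covers is reported as not affected rather than guessed at.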

Related Identifiers

CVE-2021-43051

Affected Products

Tibco Spotfire Server