PT-2023-20549 · Tibco Software · Spotfire For Aws Marketplace+2

Published

2023-11-08

Updated

2023-11-16

CVE-2023-26221

CVSS v3.1

5.0

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions TIBCO Software Inc.'s Spotfire Analyst versions 12.3.0 through 12.5.0 TIBCO Software Inc.'s Spotfire Server versions 12.3.0 through 12.5.0 TIBCO Software Inc.'s Spotfire for AWS Marketplace version 12.5.0

Description The Spotfire Connectors component contains an easily exploitable issue that allows a low-privileged attacker with read/write access to craft malicious Analyst files. A successful attack requires human interaction from a person other than the attacker.

Recommendations For TIBCO Software Inc.'s Spotfire Analyst versions 12.3.0 through 12.5.0, update to a version that contains a fix for this issue. For TIBCO Software Inc.'s Spotfire Server versions 12.3.0 through 12.5.0, update to a version that contains a fix for this issue. For TIBCO Software Inc.'s Spotfire for AWS Marketplace version 12.5.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Spotfire Connectors component until a patch is available.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2023-26221

Affected Products

Spotfire Analyst

Spotfire Server

Spotfire For Aws Marketplace

PT-2023-20549 · Tibco Software · Spotfire For Aws Marketplace+2

CVE-2023-26221

Weakness Enumeration

Related Identifiers

Affected Products

References · 5