PT-2023-3159 · Tibco Software · Tibco Spotfire Statistics Services

Published: 2023-04-26 · Updated: 2025-01-30 · CVE-2023-29268

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

TIBCO Spotfire Statistics Services versions 11.4.10 and below
TIBCO Spotfire Statistics Services versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.1.0, 12.2.0

Description

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system.

Recommendations

For versions 11.4.10 and below, update to a version above 11.4.10.
For versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.1.0, 12.2.0, consider restricting access to the Splus Server component until a patch is available.
As a temporary workaround, consider disabling the file upload functionality in the Splus Server component until a patch is available.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2023-03258
CVE-2023-29268

Affected Products

Tibco Spotfire Statistics Services