Search criteria
10 vulnerabilities found for TIBCO Spotfire Statistics Services by TIBCO Software Inc.
CVE-2023-29268 (GCVE-0-2023-29268)
Vulnerability from cvelistv5 – Published: 2023-04-26 17:24 – Updated: 2025-01-30 21:39
VLAI?
Title
TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability
Summary
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.
Severity ?
9.8 (Critical)
CWE
- Uploaded or modified files may be executed within the scope of the web server process allowing access to the system.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services |
Affected:
0 , ≤ 11.4.10
(semver)
Affected: 11.5.0 Affected: 11.6.0 Affected: 11.6.1 Affected: 11.6.2 Affected: 11.7.0 Affected: 11.8.0 Affected: 11.8.1 Affected: 12.0.0 Affected: 12.0.1 Affected: 12.0.2 Affected: 12.1.0 Affected: 12.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:16.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T21:39:50.970602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T21:39:54.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.5.0"
},
{
"status": "affected",
"version": "11.6.0"
},
{
"status": "affected",
"version": "11.6.1"
},
{
"status": "affected",
"version": "11.6.2"
},
{
"status": "affected",
"version": "11.7.0"
},
{
"status": "affected",
"version": "11.8.0"
},
{
"status": "affected",
"version": "11.8.1"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Splus Server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.\u003c/p\u003e"
}
],
"value": "The Splus Server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uploaded or modified files may be executed within the scope of the web server process allowing access to the system.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T17:24:18.689Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTIBCO has released updated versions of the affected components which address these issues.\u003c/p\u003e\u003cp\u003eTIBCO Spotfire Statistics Services versions 11.4.10 and below: update to version 11.4.11 or later\u003c/p\u003e\u003cp\u003eTIBCO Spotfire Statistics Services versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2: update to version 12.0.3 or later\u003c/p\u003e\u003cp\u003eTIBCO Spotfire Statistics Services versions 12.1.0 and 12.2.0: update to version 12.3.0 or later\u003c/p\u003e"
}
],
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 11.4.10 and below: update to version 11.4.11 or later\n\nTIBCO Spotfire Statistics Services versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2: update to version 12.0.3 or later\n\nTIBCO Spotfire Statistics Services versions 12.1.0 and 12.2.0: update to version 12.3.0 or later\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2023-29268",
"datePublished": "2023-04-26T17:24:18.689Z",
"dateReserved": "2023-04-04T19:06:51.372Z",
"dateUpdated": "2025-01-30T21:39:54.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28830 (GCVE-0-2021-28830)
Vulnerability from cvelistv5 – Published: 2021-06-29 17:15 – Updated: 2024-09-16 23:10
VLAI?
Title
TIBCO Spotfire Windows Platform Artifact Search vulnerability
Summary
The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Runtime for R - Server Edition |
Affected:
unspecified , ≤ 1.2.4
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.3.1"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.6.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
},
{
"status": "affected",
"version": "10.6.1"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.8.1"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
},
{
"status": "affected",
"version": "10.10.3"
},
{
"status": "affected",
"version": "10.10.4"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T18:06:12",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Spotfire Windows Platform Artifact Search vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-06-29T17:00:00Z",
"ID": "CVE-2021-28830",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Windows Platform Artifact Search vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.2.4"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.0"
},
{
"version_affected": "=",
"version_value": "1.3.1"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4.0"
},
{
"version_affected": "=",
"version_value": "1.5.0"
},
{
"version_affected": "=",
"version_value": "1.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.12"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
},
{
"version_affected": "=",
"version_value": "10.6.1"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
},
{
"version_affected": "=",
"version_value": "10.10.3"
},
{
"version_affected": "=",
"version_value": "10.10.4"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-28830",
"datePublished": "2021-06-29T17:15:12.487779Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-16T23:10:44.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23275 (GCVE-0-2021-23275)
Vulnerability from cvelistv5 – Published: 2021-06-29 17:15 – Updated: 2024-09-16 20:53
VLAI?
Title
TIBCO Spotfire Windows Platform Installation vulnerability
Summary
The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Runtime for R - Server Edition |
Affected:
unspecified , ≤ 1.2.4
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.3.1"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.6.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
},
{
"status": "affected",
"version": "10.6.1"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.8.1"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
},
{
"status": "affected",
"version": "10.10.3"
},
{
"status": "affected",
"version": "10.10.4"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T18:06:14",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Spotfire Windows Platform Installation vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-06-29T17:00:00Z",
"ID": "CVE-2021-23275",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Windows Platform Installation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.2.4"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.0"
},
{
"version_affected": "=",
"version_value": "1.3.1"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4.0"
},
{
"version_affected": "=",
"version_value": "1.5.0"
},
{
"version_affected": "=",
"version_value": "1.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.12"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
},
{
"version_affected": "=",
"version_value": "10.6.1"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
},
{
"version_affected": "=",
"version_value": "10.10.3"
},
{
"version_affected": "=",
"version_value": "10.10.4"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-23275",
"datePublished": "2021-06-29T17:15:10.796514Z",
"dateReserved": "2021-01-08T00:00:00",
"dateUpdated": "2024-09-16T20:53:10.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11204 (GCVE-0-2019-11204)
Vulnerability from cvelistv5 – Published: 2019-05-14 19:57 – Updated: 2024-09-16 17:53
VLAI?
Title
TIBCO Spotfire Statistics Services Exposes Sensitive Files
Summary
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0.
Severity ?
9.9 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services |
Affected:
unspecified , ≤ 7.11.1
(custom)
Affected: 10.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
},
{
"name": "108347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.0.0"
}
]
}
],
"datePublic": "2019-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web interface component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-16T16:06:23",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
},
{
"name": "108347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108347"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Statistics Services version 10.0.0 update to 10.0.1 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO Spotfire Statistics Services Exposes Sensitive Files",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11204",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Statistics Services Exposes Sensitive Files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.11.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
},
{
"name": "108347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108347"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Statistics Services version 10.0.0 update to 10.0.1 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-11204",
"datePublished": "2019-05-14T19:57:29.767743Z",
"dateReserved": "2019-04-12T00:00:00",
"dateUpdated": "2024-09-16T17:53:03.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12410 (GCVE-0-2018-12410)
Vulnerability from cvelistv5 – Published: 2018-10-10 20:00 – Updated: 2024-09-16 17:04
VLAI?
Title
TIBCO Spotfire Statistics Services remote execution vulnerabilities
Summary
The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.
Severity ?
9.8 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility of unrestricted remote access to the operating system account hosting the web server component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services |
Affected:
unspecified , ≤ 7.11.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105558",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web server component of TIBCO Software Inc\u0027s Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility of unrestricted remote access to the operating system account hosting the web server component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-13T09:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"name": "105558",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nIn addition to the updates, security related configuration changes may be required due to new defaults. Please review the documentation.\n\nFor each affected system, update to the corresponding software versions:\n- TIBCO Spotfire Statistics Services versions 7.11.0 and below update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Statistics Services remote execution vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-12410",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Statistics Services remote execution vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.11.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server component of TIBCO Software Inc\u0027s Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility of unrestricted remote access to the operating system account hosting the web server component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105558"
},
{
"name": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nIn addition to the updates, security related configuration changes may be required due to new defaults. Please review the documentation.\n\nFor each affected system, update to the corresponding software versions:\n- TIBCO Spotfire Statistics Services versions 7.11.0 and below update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-12410",
"datePublished": "2018-10-10T20:00:00Z",
"dateReserved": "2018-06-14T00:00:00",
"dateUpdated": "2024-09-16T17:04:15.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29268 (GCVE-0-2023-29268)
Vulnerability from nvd – Published: 2023-04-26 17:24 – Updated: 2025-01-30 21:39
VLAI?
Title
TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability
Summary
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.
Severity ?
9.8 (Critical)
CWE
- Uploaded or modified files may be executed within the scope of the web server process allowing access to the system.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services |
Affected:
0 , ≤ 11.4.10
(semver)
Affected: 11.5.0 Affected: 11.6.0 Affected: 11.6.1 Affected: 11.6.2 Affected: 11.7.0 Affected: 11.8.0 Affected: 11.8.1 Affected: 12.0.0 Affected: 12.0.1 Affected: 12.0.2 Affected: 12.1.0 Affected: 12.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:16.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T21:39:50.970602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T21:39:54.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.5.0"
},
{
"status": "affected",
"version": "11.6.0"
},
{
"status": "affected",
"version": "11.6.1"
},
{
"status": "affected",
"version": "11.6.2"
},
{
"status": "affected",
"version": "11.7.0"
},
{
"status": "affected",
"version": "11.8.0"
},
{
"status": "affected",
"version": "11.8.1"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Splus Server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.\u003c/p\u003e"
}
],
"value": "The Splus Server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uploaded or modified files may be executed within the scope of the web server process allowing access to the system.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T17:24:18.689Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTIBCO has released updated versions of the affected components which address these issues.\u003c/p\u003e\u003cp\u003eTIBCO Spotfire Statistics Services versions 11.4.10 and below: update to version 11.4.11 or later\u003c/p\u003e\u003cp\u003eTIBCO Spotfire Statistics Services versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2: update to version 12.0.3 or later\u003c/p\u003e\u003cp\u003eTIBCO Spotfire Statistics Services versions 12.1.0 and 12.2.0: update to version 12.3.0 or later\u003c/p\u003e"
}
],
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 11.4.10 and below: update to version 11.4.11 or later\n\nTIBCO Spotfire Statistics Services versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2: update to version 12.0.3 or later\n\nTIBCO Spotfire Statistics Services versions 12.1.0 and 12.2.0: update to version 12.3.0 or later\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2023-29268",
"datePublished": "2023-04-26T17:24:18.689Z",
"dateReserved": "2023-04-04T19:06:51.372Z",
"dateUpdated": "2025-01-30T21:39:54.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28830 (GCVE-0-2021-28830)
Vulnerability from nvd – Published: 2021-06-29 17:15 – Updated: 2024-09-16 23:10
VLAI?
Title
TIBCO Spotfire Windows Platform Artifact Search vulnerability
Summary
The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Runtime for R - Server Edition |
Affected:
unspecified , ≤ 1.2.4
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.3.1"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.6.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
},
{
"status": "affected",
"version": "10.6.1"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.8.1"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
},
{
"status": "affected",
"version": "10.10.3"
},
{
"status": "affected",
"version": "10.10.4"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T18:06:12",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Spotfire Windows Platform Artifact Search vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-06-29T17:00:00Z",
"ID": "CVE-2021-28830",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Windows Platform Artifact Search vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.2.4"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.0"
},
{
"version_affected": "=",
"version_value": "1.3.1"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4.0"
},
{
"version_affected": "=",
"version_value": "1.5.0"
},
{
"version_affected": "=",
"version_value": "1.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.12"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
},
{
"version_affected": "=",
"version_value": "10.6.1"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
},
{
"version_affected": "=",
"version_value": "10.10.3"
},
{
"version_affected": "=",
"version_value": "10.10.4"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-28830",
"datePublished": "2021-06-29T17:15:12.487779Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-16T23:10:44.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23275 (GCVE-0-2021-23275)
Vulnerability from nvd – Published: 2021-06-29 17:15 – Updated: 2024-09-16 20:53
VLAI?
Title
TIBCO Spotfire Windows Platform Installation vulnerability
Summary
The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Runtime for R - Server Edition |
Affected:
unspecified , ≤ 1.2.4
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.3.1"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.6.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
},
{
"status": "affected",
"version": "10.6.1"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.8.1"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
},
{
"status": "affected",
"version": "10.10.3"
},
{
"status": "affected",
"version": "10.10.4"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T18:06:14",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Spotfire Windows Platform Installation vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-06-29T17:00:00Z",
"ID": "CVE-2021-23275",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Windows Platform Installation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.2.4"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.0"
},
{
"version_affected": "=",
"version_value": "1.3.1"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4.0"
},
{
"version_affected": "=",
"version_value": "1.5.0"
},
{
"version_affected": "=",
"version_value": "1.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.12"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
},
{
"version_affected": "=",
"version_value": "10.6.1"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
},
{
"version_affected": "=",
"version_value": "10.10.3"
},
{
"version_affected": "=",
"version_value": "10.10.4"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-23275",
"datePublished": "2021-06-29T17:15:10.796514Z",
"dateReserved": "2021-01-08T00:00:00",
"dateUpdated": "2024-09-16T20:53:10.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11204 (GCVE-0-2019-11204)
Vulnerability from nvd – Published: 2019-05-14 19:57 – Updated: 2024-09-16 17:53
VLAI?
Title
TIBCO Spotfire Statistics Services Exposes Sensitive Files
Summary
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0.
Severity ?
9.9 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services |
Affected:
unspecified , ≤ 7.11.1
(custom)
Affected: 10.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
},
{
"name": "108347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.0.0"
}
]
}
],
"datePublic": "2019-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web interface component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-16T16:06:23",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
},
{
"name": "108347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108347"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Statistics Services version 10.0.0 update to 10.0.1 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO Spotfire Statistics Services Exposes Sensitive Files",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11204",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Statistics Services Exposes Sensitive Files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.11.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
},
{
"name": "108347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108347"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Statistics Services version 10.0.0 update to 10.0.1 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-11204",
"datePublished": "2019-05-14T19:57:29.767743Z",
"dateReserved": "2019-04-12T00:00:00",
"dateUpdated": "2024-09-16T17:53:03.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12410 (GCVE-0-2018-12410)
Vulnerability from nvd – Published: 2018-10-10 20:00 – Updated: 2024-09-16 17:04
VLAI?
Title
TIBCO Spotfire Statistics Services remote execution vulnerabilities
Summary
The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.
Severity ?
9.8 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility of unrestricted remote access to the operating system account hosting the web server component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services |
Affected:
unspecified , ≤ 7.11.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105558",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web server component of TIBCO Software Inc\u0027s Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility of unrestricted remote access to the operating system account hosting the web server component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-13T09:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"name": "105558",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nIn addition to the updates, security related configuration changes may be required due to new defaults. Please review the documentation.\n\nFor each affected system, update to the corresponding software versions:\n- TIBCO Spotfire Statistics Services versions 7.11.0 and below update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Statistics Services remote execution vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-12410",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Statistics Services remote execution vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.11.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server component of TIBCO Software Inc\u0027s Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility of unrestricted remote access to the operating system account hosting the web server component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105558"
},
{
"name": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nIn addition to the updates, security related configuration changes may be required due to new defaults. Please review the documentation.\n\nFor each affected system, update to the corresponding software versions:\n- TIBCO Spotfire Statistics Services versions 7.11.0 and below update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-12410",
"datePublished": "2018-10-10T20:00:00Z",
"dateReserved": "2018-06-14T00:00:00",
"dateUpdated": "2024-09-16T17:04:15.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}