Search criteria
21 vulnerabilities found for spotfire_statistics_services by tibco
FKIE_CVE-2025-3115
Vulnerability from fkie_nvd - Published: 2025-04-09 18:15 - Updated: 2025-11-11 12:15
Severity ?
Summary
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions.
Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:*:*:*:*:-:*:*:*",
"matchCriteriaId": "E4B95026-0F1F-498E-A9F6-E6C8128C96D7",
"versionEndExcluding": "6.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D32EAFEE-068C-411B-835A-3EB904EF1D72",
"versionEndExcluding": "14.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C020EF-6D20-4898-B87C-947856FFA863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1658C79B-930F-4810-AEA0-CA028AAF0C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9366B298-53DA-480A-8511-F26A5993BBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24E86CD4-74B8-452C-AB07-1056D88EBA69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:14.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1FE621F-3100-40F2-B5CA-586CC399BF0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:*:*:*:*:server:*:*:*",
"matchCriteriaId": "AFDC8DE8-CA02-403D-ACC9-AAFD83931EF4",
"versionEndExcluding": "1.17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.18.0:*:*:*:server:*:*:*",
"matchCriteriaId": "8C8006F5-94D2-41AD-971E-3E4949AB3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.19.0:*:*:*:server:*:*:*",
"matchCriteriaId": "D4F950F4-8EBB-49BF-A04F-1FC53ADF5B37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.20.0:*:*:*:server:*:*:*",
"matchCriteriaId": "1DDF81DF-0B5D-47B0-95CA-99FE80193632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.21.0:*:*:*:server:*:*:*",
"matchCriteriaId": "470B940C-EC98-48AC-A723-6E7358355A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_enterprise_runtime_for_r:1.21.1:*:*:*:server:*:*:*",
"matchCriteriaId": "CE050D37-B646-4A65-A580-D2AEFB024216",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1159D5C-5687-4634-8372-2D78E3AC4EED",
"versionEndExcluding": "14.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4B3273-A4D0-4455-9957-3FB21273E509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "482923B8-BF2E-4EB1-A04A-BF139703DA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DCF8F9F1-2DE8-4ABB-BC5E-C75D81ACA0B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "362FBA49-9BEA-4946-9F64-0E5FB57B8AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:14.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC54B56-2861-404F-91F5-2FC9C2B6F794",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9B3AD9-1370-43F5-82FF-D62FE7EB14BB",
"versionEndExcluding": "14.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5F5802-BBC6-41E6-BB6A-FB58C0806C18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0760EB3A-55CD-4F7C-A60B-9A2B01A7D7AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFACCD8-2FD1-4759-93A4-91798A1D5E4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F60D8880-17CA-425D-B4A4-42F67DF59E67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:14.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0429550-AC79-489D-9D21-C2E0CF5F68DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20E73759-DAA6-4426-BCCC-3C430F24B58B",
"versionEndExcluding": "14.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform:*:*:*:*:*:aws_marketplace:*:*",
"matchCriteriaId": "3D1EB109-FC21-404F-8129-73A5363B5A94",
"versionEndExcluding": "14.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions.\nAdditionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution"
},
{
"lang": "es",
"value": "Vulnerabilidades de inyecci\u00f3n: Los atacantes pueden inyectar c\u00f3digo malicioso, lo que podr\u00eda permitirle controlar el sistema que ejecuta estas funciones. Adem\u00e1s, una validaci\u00f3n insuficiente de los nombres de archivo durante la carga puede permitir que los atacantes carguen y ejecuten archivos maliciosos, lo que provoca la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2025-3115",
"lastModified": "2025-11-11T12:15:34.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@tibco.com",
"type": "Secondary"
}
]
},
"published": "2025-04-09T18:15:50.813",
"references": [
{
"source": "security@tibco.com",
"url": "https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3115-r3485/"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-29268
Vulnerability from fkie_nvd - Published: 2023-04-26 18:15 - Updated: 2025-01-30 22:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.
References
| URL | Tags | ||
|---|---|---|---|
| security@tibco.com | https://www.tibco.com/services/support/advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tibco.com/services/support/advisories | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_statistics_services | * | |
| tibco | spotfire_statistics_services | 11.5.0 | |
| tibco | spotfire_statistics_services | 11.6.0 | |
| tibco | spotfire_statistics_services | 11.6.1 | |
| tibco | spotfire_statistics_services | 11.6.2 | |
| tibco | spotfire_statistics_services | 11.7.0 | |
| tibco | spotfire_statistics_services | 11.8.0 | |
| tibco | spotfire_statistics_services | 11.8.1 | |
| tibco | spotfire_statistics_services | 12.0.0 | |
| tibco | spotfire_statistics_services | 12.0.1 | |
| tibco | spotfire_statistics_services | 12.0.2 | |
| tibco | spotfire_statistics_services | 12.1.0 | |
| tibco | spotfire_statistics_services | 12.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65804033-AECA-41EC-8973-CAE190EF69BD",
"versionEndExcluding": "11.4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D37E7A0-F21A-413E-AF65-59340520B6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3602DE-B5AB-4FFA-AAD9-8C42B00988F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "510E83A5-B777-4EE6-851C-F9BE10147594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55EABB66-4B3D-4D72-B028-E40491CDC77C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42A74F6C-267D-4B1F-BF66-A1F10B0B2A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C677EA4-6EB9-4B9B-9E1E-97555AF1291F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE304915-AE5B-45C7-BA5C-79AA880F1088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D69CD443-28E2-4632-95D4-E5EB3F094768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAE9787-53AE-4A38-8223-1F7893CC3CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3ECA9B9-6058-4CE5-9535-8ED98022FB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E78843D-BBB8-4558-9E56-75CE514FA143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA10C631-566D-46BF-93A5-A7A92266FC47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Splus Server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.\n\n"
}
],
"id": "CVE-2023-29268",
"lastModified": "2025-01-30T22:15:07.977",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-26T18:15:09.160",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-23275
Vulnerability from fkie_nvd - Published: 2021-06-29 18:15 - Updated: 2024-11-21 05:51
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:enterprise_runtime_for_r:*:*:*:*:server:*:*:*",
"matchCriteriaId": "9F251C4F-DC9E-45B1-822B-77ABE937F970",
"versionEndIncluding": "1.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:enterprise_runtime_for_r:1.3.0:*:*:*:server:*:*:*",
"matchCriteriaId": "5B1E8362-7D8C-4D8C-A337-1A994BB96D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:enterprise_runtime_for_r:1.3.1:*:*:*:server:*:*:*",
"matchCriteriaId": "0C5E2114-4947-4954-BECC-344ED3C77994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:enterprise_runtime_for_r:1.4.0:*:*:*:server:*:*:*",
"matchCriteriaId": "436848E8-42D4-428C-B979-A817861E17EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:enterprise_runtime_for_r:1.5.0:*:*:*:server:*:*:*",
"matchCriteriaId": "6C7A1A92-99DB-4665-8C50-33819B222091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:enterprise_runtime_for_r:1.6.0:*:*:*:server:*:*:*",
"matchCriteriaId": "375D0027-44E3-4144-B48D-72813C2CD850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform:*:*:*:*:*:aws_marketplace:*:*",
"matchCriteriaId": "73352CBA-FB37-4B50-8F61-584CEA5358E7",
"versionEndIncluding": "11.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C363AFD7-F7EC-4F06-AEB0-10B94A8EC513",
"versionEndIncluding": "10.3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12B0BE70-96A5-40BA-B990-5C831EB2B043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2886371B-CDE7-4352-8F94-5455A6C0B59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5413400F-1A04-4340-B75A-9BFE1BD3FEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A586E5-91CB-4167-99A0-17D692AF02ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28151CD2-540D-4D16-A894-082C2946FEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "901B6B29-8644-43BC-BFAD-3229CD37FB9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1490724A-AF67-4037-B5D9-47477B58D765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A962BD2-0CB0-4EE5-9904-362FDB9655D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA54B6E-D53B-4196-AAD4-1C551C635D62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "047CA6DF-7CF2-4B6F-BDFD-DB1EC64D6C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5F724C-30A5-4BA3-9047-3B0DFE30B4BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA297F15-2B70-4A13-9D63-816FD3149A87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "725C73FF-99C6-4724-AF0F-BD71C3879C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58D5C32A-F10F-4237-99BB-163B4B7D6D1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B68BAB9A-2479-4C36-B12A-D9F5A6C98D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8E5F64-CCF2-41D5-B93A-1A0BB5248F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9262AA9-DFE0-4D68-AF0A-257C8B4AB307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4098AC3A-EDEB-45F9-A791-0563F56B3F2D",
"versionEndIncluding": "10.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9033F95-BBB4-4668-9E39-8F19301C5095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:10.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0DACE2-8873-4C00-9715-22CAE085E353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:10.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAE559B-5184-416E-9646-537BC616E8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1CC49A-4495-40AC-A426-78D5DE841713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D37D1F9-095F-419C-85CD-663092A20940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "137284BF-BFA8-4F33-9E17-710882639F32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
},
{
"lang": "es",
"value": "El componente de instalaci\u00f3n en Windows de TIBCO Software Inc. \u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, y TIBCO Spotfire Statistics Services contiene una vulnerabilidad que te\u00f3ricamente permite a un atacante poco privilegiado y con acceso local en algunas versiones del sistema operativo Windows insertar software malicioso. El componente afectado puede ser abusado para ejecutar el software malicioso insertado por el atacante con los privilegios elevados del componente. Esta vulnerabilidad es debido a una falta de restricciones de acceso a determinados archivos y/o carpetas de la instalaci\u00f3n. Las versiones afectadas son TIBCO Enterprise Runtime for R - Server Edition de TIBCO Software Inc.: versiones 1.2.4 y posteriores, TIBCO Enterprise Runtime for R - Server Edition: versiones 1.3.0 y 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versiones 1.4.0, 1.5.0 y 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versiones 11.3.0 y posteriores, TIBCO Spotfire Server: versiones 10.3. 12 y por debajo TIBCO Spotfire Server: versiones 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3 y 10.10.4, TIBCO Spotfire Server: versiones 11.0.0, 11.1.0, 11.2.0 y 11. 3.0, TIBCO Spotfire Statistics Services: versiones 10.3.0 y posteriores, TIBCO Spotfire Statistics Services: versiones 10.10.0, 10.10.1 y 10.10.2, y TIBCO Spotfire Statistics Services: versiones 11.1.0, 11.2.0 y 11.3.0"
}
],
"id": "CVE-2021-23275",
"lastModified": "2024-11-21T05:51:28.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-29T18:15:08.567",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28830
Vulnerability from fkie_nvd - Published: 2021-06-29 18:15 - Updated: 2024-11-21 06:00
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:enterprise_runtime_for_r:*:*:*:*:server:*:*:*",
"matchCriteriaId": "9F251C4F-DC9E-45B1-822B-77ABE937F970",
"versionEndIncluding": "1.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:enterprise_runtime_for_r:1.3.0:*:*:*:server:*:*:*",
"matchCriteriaId": "5B1E8362-7D8C-4D8C-A337-1A994BB96D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:enterprise_runtime_for_r:1.3.1:*:*:*:server:*:*:*",
"matchCriteriaId": "0C5E2114-4947-4954-BECC-344ED3C77994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:enterprise_runtime_for_r:1.4.0:*:*:*:server:*:*:*",
"matchCriteriaId": "436848E8-42D4-428C-B979-A817861E17EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:enterprise_runtime_for_r:1.5.0:*:*:*:server:*:*:*",
"matchCriteriaId": "6C7A1A92-99DB-4665-8C50-33819B222091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:enterprise_runtime_for_r:1.6.0:*:*:*:server:*:*:*",
"matchCriteriaId": "375D0027-44E3-4144-B48D-72813C2CD850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform:*:*:*:*:*:aws_marketplace:*:*",
"matchCriteriaId": "73352CBA-FB37-4B50-8F61-584CEA5358E7",
"versionEndIncluding": "11.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C363AFD7-F7EC-4F06-AEB0-10B94A8EC513",
"versionEndIncluding": "10.3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12B0BE70-96A5-40BA-B990-5C831EB2B043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2886371B-CDE7-4352-8F94-5455A6C0B59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5413400F-1A04-4340-B75A-9BFE1BD3FEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A586E5-91CB-4167-99A0-17D692AF02ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28151CD2-540D-4D16-A894-082C2946FEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "901B6B29-8644-43BC-BFAD-3229CD37FB9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1490724A-AF67-4037-B5D9-47477B58D765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A962BD2-0CB0-4EE5-9904-362FDB9655D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA54B6E-D53B-4196-AAD4-1C551C635D62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "047CA6DF-7CF2-4B6F-BDFD-DB1EC64D6C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5F724C-30A5-4BA3-9047-3B0DFE30B4BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA297F15-2B70-4A13-9D63-816FD3149A87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "725C73FF-99C6-4724-AF0F-BD71C3879C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58D5C32A-F10F-4237-99BB-163B4B7D6D1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B68BAB9A-2479-4C36-B12A-D9F5A6C98D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8E5F64-CCF2-41D5-B93A-1A0BB5248F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9262AA9-DFE0-4D68-AF0A-257C8B4AB307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4098AC3A-EDEB-45F9-A791-0563F56B3F2D",
"versionEndIncluding": "10.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:10.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9033F95-BBB4-4668-9E39-8F19301C5095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:10.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0DACE2-8873-4C00-9715-22CAE085E353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:10.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAE559B-5184-416E-9646-537BC616E8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1CC49A-4495-40AC-A426-78D5DE841713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D37D1F9-095F-419C-85CD-663092A20940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "137284BF-BFA8-4F33-9E17-710882639F32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
},
{
"lang": "es",
"value": "Los componentes TIBCO Spotfire Server y TIBCO Enterprise Runtime for R de TIBCO Software Inc. \u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, y TIBCO Spotfire Statistics Services contienen una vulnerabilidad que te\u00f3ricamente permite a un atacante poco privileagiado y con acceso local en el sistema operativo Windows insertar software malicioso. El componente afectado puede ser abusado para ejecutar el software malicioso insertado por el atacante con los privilegios elevados del componente. Esta vulnerabilidad resulta de la b\u00fasqueda de artefactos en tiempo de ejecuci\u00f3n por parte del componente afectado fuera de la jerarqu\u00eda de instalaci\u00f3n. Las versiones afectadas son TIBCO Enterprise Runtime for R - Server Edition de TIBCO Software Inc.: versiones 1.2.4 y posteriores, TIBCO Enterprise Runtime for R - Server Edition: versiones 1.3.0 y 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versiones 1.4.0, 1.5.0 y 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versiones 11.3.0 y posteriores, TIBCO Spotfire Server: versiones 10.3. 12 e inferiores, TIBCO Spotfire Server: versiones 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3 y 10.10.4, TIBCO Spotfire Server: versiones 11.0.0, 11.1.0, 11.2.0 y 11. 3.0, TIBCO Spotfire Statistics Services: versiones 10.3.0 e inferiores, TIBCO Spotfire Statistics Services: versiones 10.10.0, 10.10.1 y 10.10.2, y TIBCO Spotfire Statistics Services: versiones 11.1.0, 11.2.0 y 11.3.0"
}
],
"id": "CVE-2021-28830",
"lastModified": "2024-11-21T06:00:17.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-29T18:15:08.607",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11204
Vulnerability from fkie_nvd - Published: 2019-05-14 20:29 - Updated: 2024-11-21 04:20
Severity ?
Summary
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0.
References
| URL | Tags | ||
|---|---|---|---|
| security@tibco.com | http://www.securityfocus.com/bid/108347 | Broken Link, Third Party Advisory, VDB Entry | |
| security@tibco.com | http://www.tibco.com/services/support/advisories | Vendor Advisory | |
| security@tibco.com | https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108347 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.tibco.com/services/support/advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_statistics_services | * | |
| tibco | spotfire_statistics_services | 10.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5363B288-CE0F-4198-A129-CFFB1FEB5584",
"versionEndIncluding": "7.11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAD3057-D3FD-4AD7-9B94-65C0E1451E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web interface component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0."
},
{
"lang": "es",
"value": "El componente de interfaz web de TIBCO Spotfire Statistics Services de TIBCO Software Inc, contiene una vulnerabilidad que podr\u00eda, en teor\u00eda, permitir que un usuario autenticado acceda a la informaci\u00f3n confidencial que necesita el servidor Spotfire Statistics Services. La informaci\u00f3n confidencial que podr\u00eda verse imapactada comprende base de datos, JMX, LDAP, cuenta de servicio de Windows y credenciales de usuario. Las versiones afectadas son TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versiones hasta 7.11.1 y 10.0.0. incluy\u00e9ndolas."
}
],
"id": "CVE-2019-11204",
"lastModified": "2024-11-21T04:20:43.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "security@tibco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-14T20:29:02.887",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108347"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-12410
Vulnerability from fkie_nvd - Published: 2018-10-10 20:29 - Updated: 2024-11-21 03:45
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.
References
| URL | Tags | ||
|---|---|---|---|
| security@tibco.com | http://www.securityfocus.com/bid/105558 | Third Party Advisory, VDB Entry | |
| security@tibco.com | https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105558 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_statistics_services | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAE20FF-372E-4C2D-BC8F-69B2620539FF",
"versionEndIncluding": "7.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web server component of TIBCO Software Inc\u0027s Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0."
},
{
"lang": "es",
"value": "El componente web server de Spotfire Statistics Services, de TIBCO Software, contiene m\u00faltiples vulnerabilidades que podr\u00edan permitir la ejecuci\u00f3n remota de c\u00f3digo. Sin necesidad de autenticarse, un atacante podr\u00eda ser capaz de ejecutar c\u00f3digo remotamente con los permisos de la cuenta del sistema empleada para ejecutar el componente web server. Las versiones afectadas son TIBCO Software Inc. TIBCO Spotfire Statistics Services hasta la versi\u00f3n 7.11.0 (incluida)."
}
],
"id": "CVE-2018-12410",
"lastModified": "2024-11-21T03:45:10.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-10T20:29:00.273",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105558"
},
{
"source": "security@tibco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2371
Vulnerability from fkie_nvd - Published: 2013-03-15 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_statistics_services | 3.3 | |
| tibco | spotfire_statistics_services | 4.5.0 | |
| tibco | spotfire_statistics_services | 5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E117CD59-2503-4D42-AEDF-C25A16050EA9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB94D044-9222-4BE2-9CA8-4582719941D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_statistics_services:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "276A6090-AE33-4AB2-8D4F-CA54889A6B15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request."
},
{
"lang": "es",
"value": "La API Web en el Statistics Server en TIBCO Spotfire Statistics Services v3.3.x anterior a v3.3.1, v4.5.x anterior a v4.5.1, y v5.0.x anterior a v5.0.1 permite a atacantes remotos obtener informaci\u00f3n sensible mediante una solicitud HTTP."
}
],
"id": "CVE-2013-2371",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-15T22:55:00.913",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/spotfire-statistics-services-advisory-2013-03-12_tcm8-18479.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/spotfire-statistics-services-advisory-2013-03-12_tcm8-18479.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-3115 (GCVE-0-2025-3115)
Vulnerability from cvelistv5 – Published: 2025-04-09 18:12 – Updated: 2025-11-11 11:47
VLAI?
Title
Spotfire Data Function Vulnerability
Summary
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions.
Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Spotfire | Spotfire Statistics Services |
Affected:
14 , < 14.0.7
(Patch)
Affected: 14.1.0 (Patch) Affected: 14.2.0 (Patch) Affected: 14.3.0 (Patch) Affected: 14.4.0 (Patch) Affected: 14.4.1 (Patch) |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T18:28:35.698097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T18:29:39.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spotfire Statistics Services",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "14.0.7",
"status": "affected",
"version": "14",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.1.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.2.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.3.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.4.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.4.1",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire Analyst",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "14.0.6",
"status": "affected",
"version": "14.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.1.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.2.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.3.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.4.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.4.1",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unknown",
"product": "Deployment Kit used in Spotfire Server",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "14.0.7",
"status": "affected",
"version": "14.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.1.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.2.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.3.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.4.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.4.1",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire Desktop",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "14.4.2",
"status": "affected",
"version": "14.4",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire for AWS Marketplace",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "14.4.2",
"status": "unknown",
"version": "14.4",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire Enterprise Runtime for R - Server Edition",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "1.17.7",
"status": "affected",
"version": "1.17",
"versionType": "Patch"
},
{
"status": "affected",
"version": "1.18.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "1.19.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "1.20.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "1.21.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "1.21.1",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire Service for Python",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "1.17.7",
"status": "affected",
"version": "1.17",
"versionType": "Patch"
},
{
"lessThanOrEqual": "1.21.1",
"status": "affected",
"version": "1.18.0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire Service for R",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "1.17.7",
"status": "affected",
"version": "1.17",
"versionType": "Patch"
},
{
"lessThanOrEqual": "1.21.1",
"status": "affected",
"version": "1.18.0",
"versionType": "Patch"
}
]
}
],
"datePublic": "2025-04-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cstrong\u003eInjection Vulnerabilities: \u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAttackers can inject malicious code, potentially gaining control over the system executing these functions.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAdditionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution\u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions.\nAdditionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T11:47:58.064Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3115-r3485/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spotfire Data Function Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2025-3115",
"datePublished": "2025-04-09T18:12:28.348Z",
"dateReserved": "2025-04-02T10:56:03.148Z",
"dateUpdated": "2025-11-11T11:47:58.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-29268 (GCVE-0-2023-29268)
Vulnerability from cvelistv5 – Published: 2023-04-26 17:24 – Updated: 2025-01-30 21:39
VLAI?
Title
TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability
Summary
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.
Severity ?
9.8 (Critical)
CWE
- Uploaded or modified files may be executed within the scope of the web server process allowing access to the system.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services |
Affected:
0 , ≤ 11.4.10
(semver)
Affected: 11.5.0 Affected: 11.6.0 Affected: 11.6.1 Affected: 11.6.2 Affected: 11.7.0 Affected: 11.8.0 Affected: 11.8.1 Affected: 12.0.0 Affected: 12.0.1 Affected: 12.0.2 Affected: 12.1.0 Affected: 12.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:16.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T21:39:50.970602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T21:39:54.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.5.0"
},
{
"status": "affected",
"version": "11.6.0"
},
{
"status": "affected",
"version": "11.6.1"
},
{
"status": "affected",
"version": "11.6.2"
},
{
"status": "affected",
"version": "11.7.0"
},
{
"status": "affected",
"version": "11.8.0"
},
{
"status": "affected",
"version": "11.8.1"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Splus Server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.\u003c/p\u003e"
}
],
"value": "The Splus Server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uploaded or modified files may be executed within the scope of the web server process allowing access to the system.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T17:24:18.689Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTIBCO has released updated versions of the affected components which address these issues.\u003c/p\u003e\u003cp\u003eTIBCO Spotfire Statistics Services versions 11.4.10 and below: update to version 11.4.11 or later\u003c/p\u003e\u003cp\u003eTIBCO Spotfire Statistics Services versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2: update to version 12.0.3 or later\u003c/p\u003e\u003cp\u003eTIBCO Spotfire Statistics Services versions 12.1.0 and 12.2.0: update to version 12.3.0 or later\u003c/p\u003e"
}
],
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 11.4.10 and below: update to version 11.4.11 or later\n\nTIBCO Spotfire Statistics Services versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2: update to version 12.0.3 or later\n\nTIBCO Spotfire Statistics Services versions 12.1.0 and 12.2.0: update to version 12.3.0 or later\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2023-29268",
"datePublished": "2023-04-26T17:24:18.689Z",
"dateReserved": "2023-04-04T19:06:51.372Z",
"dateUpdated": "2025-01-30T21:39:54.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28830 (GCVE-0-2021-28830)
Vulnerability from cvelistv5 – Published: 2021-06-29 17:15 – Updated: 2024-09-16 23:10
VLAI?
Title
TIBCO Spotfire Windows Platform Artifact Search vulnerability
Summary
The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Runtime for R - Server Edition |
Affected:
unspecified , ≤ 1.2.4
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.3.1"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.6.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
},
{
"status": "affected",
"version": "10.6.1"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.8.1"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
},
{
"status": "affected",
"version": "10.10.3"
},
{
"status": "affected",
"version": "10.10.4"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T18:06:12",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Spotfire Windows Platform Artifact Search vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-06-29T17:00:00Z",
"ID": "CVE-2021-28830",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Windows Platform Artifact Search vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.2.4"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.0"
},
{
"version_affected": "=",
"version_value": "1.3.1"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4.0"
},
{
"version_affected": "=",
"version_value": "1.5.0"
},
{
"version_affected": "=",
"version_value": "1.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.12"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
},
{
"version_affected": "=",
"version_value": "10.6.1"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
},
{
"version_affected": "=",
"version_value": "10.10.3"
},
{
"version_affected": "=",
"version_value": "10.10.4"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-28830",
"datePublished": "2021-06-29T17:15:12.487779Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-16T23:10:44.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23275 (GCVE-0-2021-23275)
Vulnerability from cvelistv5 – Published: 2021-06-29 17:15 – Updated: 2024-09-16 20:53
VLAI?
Title
TIBCO Spotfire Windows Platform Installation vulnerability
Summary
The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Runtime for R - Server Edition |
Affected:
unspecified , ≤ 1.2.4
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.3.1"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.6.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
},
{
"status": "affected",
"version": "10.6.1"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.8.1"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
},
{
"status": "affected",
"version": "10.10.3"
},
{
"status": "affected",
"version": "10.10.4"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T18:06:14",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Spotfire Windows Platform Installation vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-06-29T17:00:00Z",
"ID": "CVE-2021-23275",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Windows Platform Installation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.2.4"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.0"
},
{
"version_affected": "=",
"version_value": "1.3.1"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4.0"
},
{
"version_affected": "=",
"version_value": "1.5.0"
},
{
"version_affected": "=",
"version_value": "1.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.12"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
},
{
"version_affected": "=",
"version_value": "10.6.1"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
},
{
"version_affected": "=",
"version_value": "10.10.3"
},
{
"version_affected": "=",
"version_value": "10.10.4"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-23275",
"datePublished": "2021-06-29T17:15:10.796514Z",
"dateReserved": "2021-01-08T00:00:00",
"dateUpdated": "2024-09-16T20:53:10.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11204 (GCVE-0-2019-11204)
Vulnerability from cvelistv5 – Published: 2019-05-14 19:57 – Updated: 2024-09-16 17:53
VLAI?
Title
TIBCO Spotfire Statistics Services Exposes Sensitive Files
Summary
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0.
Severity ?
9.9 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services |
Affected:
unspecified , ≤ 7.11.1
(custom)
Affected: 10.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
},
{
"name": "108347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.0.0"
}
]
}
],
"datePublic": "2019-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web interface component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-16T16:06:23",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
},
{
"name": "108347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108347"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Statistics Services version 10.0.0 update to 10.0.1 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO Spotfire Statistics Services Exposes Sensitive Files",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11204",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Statistics Services Exposes Sensitive Files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.11.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
},
{
"name": "108347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108347"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Statistics Services version 10.0.0 update to 10.0.1 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-11204",
"datePublished": "2019-05-14T19:57:29.767743Z",
"dateReserved": "2019-04-12T00:00:00",
"dateUpdated": "2024-09-16T17:53:03.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12410 (GCVE-0-2018-12410)
Vulnerability from cvelistv5 – Published: 2018-10-10 20:00 – Updated: 2024-09-16 17:04
VLAI?
Title
TIBCO Spotfire Statistics Services remote execution vulnerabilities
Summary
The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.
Severity ?
9.8 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility of unrestricted remote access to the operating system account hosting the web server component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services |
Affected:
unspecified , ≤ 7.11.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105558",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web server component of TIBCO Software Inc\u0027s Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility of unrestricted remote access to the operating system account hosting the web server component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-13T09:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"name": "105558",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nIn addition to the updates, security related configuration changes may be required due to new defaults. Please review the documentation.\n\nFor each affected system, update to the corresponding software versions:\n- TIBCO Spotfire Statistics Services versions 7.11.0 and below update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Statistics Services remote execution vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-12410",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Statistics Services remote execution vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.11.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server component of TIBCO Software Inc\u0027s Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility of unrestricted remote access to the operating system account hosting the web server component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105558"
},
{
"name": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nIn addition to the updates, security related configuration changes may be required due to new defaults. Please review the documentation.\n\nFor each affected system, update to the corresponding software versions:\n- TIBCO Spotfire Statistics Services versions 7.11.0 and below update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-12410",
"datePublished": "2018-10-10T20:00:00Z",
"dateReserved": "2018-06-14T00:00:00",
"dateUpdated": "2024-09-16T17:04:15.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2371 (GCVE-0-2013-2371)
Vulnerability from cvelistv5 – Published: 2013-03-15 14:00 – Updated: 2024-09-17 03:07
VLAI?
Summary
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:46.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/spotfire-statistics-services-advisory-2013-03-12_tcm8-18479.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-15T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/spotfire-statistics-services-advisory-2013-03-12_tcm8-18479.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "http://www.tibco.com/multimedia/spotfire-statistics-services-advisory-2013-03-12_tcm8-18479.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/spotfire-statistics-services-advisory-2013-03-12_tcm8-18479.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2371",
"datePublished": "2013-03-15T14:00:00Z",
"dateReserved": "2013-03-04T00:00:00Z",
"dateUpdated": "2024-09-17T03:07:24.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3115 (GCVE-0-2025-3115)
Vulnerability from nvd – Published: 2025-04-09 18:12 – Updated: 2025-11-11 11:47
VLAI?
Title
Spotfire Data Function Vulnerability
Summary
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions.
Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Spotfire | Spotfire Statistics Services |
Affected:
14 , < 14.0.7
(Patch)
Affected: 14.1.0 (Patch) Affected: 14.2.0 (Patch) Affected: 14.3.0 (Patch) Affected: 14.4.0 (Patch) Affected: 14.4.1 (Patch) |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T18:28:35.698097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T18:29:39.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spotfire Statistics Services",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "14.0.7",
"status": "affected",
"version": "14",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.1.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.2.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.3.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.4.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.4.1",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire Analyst",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "14.0.6",
"status": "affected",
"version": "14.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.1.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.2.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.3.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.4.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.4.1",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unknown",
"product": "Deployment Kit used in Spotfire Server",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "14.0.7",
"status": "affected",
"version": "14.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.1.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.2.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.3.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.4.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "14.4.1",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire Desktop",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "14.4.2",
"status": "affected",
"version": "14.4",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire for AWS Marketplace",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "14.4.2",
"status": "unknown",
"version": "14.4",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire Enterprise Runtime for R - Server Edition",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "1.17.7",
"status": "affected",
"version": "1.17",
"versionType": "Patch"
},
{
"status": "affected",
"version": "1.18.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "1.19.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "1.20.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "1.21.0",
"versionType": "Patch"
},
{
"status": "affected",
"version": "1.21.1",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire Service for Python",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "1.17.7",
"status": "affected",
"version": "1.17",
"versionType": "Patch"
},
{
"lessThanOrEqual": "1.21.1",
"status": "affected",
"version": "1.18.0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unknown",
"product": "Spotfire Service for R",
"vendor": "Spotfire",
"versions": [
{
"lessThan": "1.17.7",
"status": "affected",
"version": "1.17",
"versionType": "Patch"
},
{
"lessThanOrEqual": "1.21.1",
"status": "affected",
"version": "1.18.0",
"versionType": "Patch"
}
]
}
],
"datePublic": "2025-04-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cstrong\u003eInjection Vulnerabilities: \u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAttackers can inject malicious code, potentially gaining control over the system executing these functions.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAdditionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution\u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions.\nAdditionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T11:47:58.064Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3115-r3485/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spotfire Data Function Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2025-3115",
"datePublished": "2025-04-09T18:12:28.348Z",
"dateReserved": "2025-04-02T10:56:03.148Z",
"dateUpdated": "2025-11-11T11:47:58.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-29268 (GCVE-0-2023-29268)
Vulnerability from nvd – Published: 2023-04-26 17:24 – Updated: 2025-01-30 21:39
VLAI?
Title
TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability
Summary
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.
Severity ?
9.8 (Critical)
CWE
- Uploaded or modified files may be executed within the scope of the web server process allowing access to the system.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services |
Affected:
0 , ≤ 11.4.10
(semver)
Affected: 11.5.0 Affected: 11.6.0 Affected: 11.6.1 Affected: 11.6.2 Affected: 11.7.0 Affected: 11.8.0 Affected: 11.8.1 Affected: 12.0.0 Affected: 12.0.1 Affected: 12.0.2 Affected: 12.1.0 Affected: 12.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:16.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T21:39:50.970602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T21:39:54.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.4.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.5.0"
},
{
"status": "affected",
"version": "11.6.0"
},
{
"status": "affected",
"version": "11.6.1"
},
{
"status": "affected",
"version": "11.6.2"
},
{
"status": "affected",
"version": "11.7.0"
},
{
"status": "affected",
"version": "11.8.0"
},
{
"status": "affected",
"version": "11.8.1"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Splus Server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.\u003c/p\u003e"
}
],
"value": "The Splus Server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uploaded or modified files may be executed within the scope of the web server process allowing access to the system.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T17:24:18.689Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTIBCO has released updated versions of the affected components which address these issues.\u003c/p\u003e\u003cp\u003eTIBCO Spotfire Statistics Services versions 11.4.10 and below: update to version 11.4.11 or later\u003c/p\u003e\u003cp\u003eTIBCO Spotfire Statistics Services versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2: update to version 12.0.3 or later\u003c/p\u003e\u003cp\u003eTIBCO Spotfire Statistics Services versions 12.1.0 and 12.2.0: update to version 12.3.0 or later\u003c/p\u003e"
}
],
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 11.4.10 and below: update to version 11.4.11 or later\n\nTIBCO Spotfire Statistics Services versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2: update to version 12.0.3 or later\n\nTIBCO Spotfire Statistics Services versions 12.1.0 and 12.2.0: update to version 12.3.0 or later\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2023-29268",
"datePublished": "2023-04-26T17:24:18.689Z",
"dateReserved": "2023-04-04T19:06:51.372Z",
"dateUpdated": "2025-01-30T21:39:54.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28830 (GCVE-0-2021-28830)
Vulnerability from nvd – Published: 2021-06-29 17:15 – Updated: 2024-09-16 23:10
VLAI?
Title
TIBCO Spotfire Windows Platform Artifact Search vulnerability
Summary
The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Runtime for R - Server Edition |
Affected:
unspecified , ≤ 1.2.4
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.3.1"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.6.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
},
{
"status": "affected",
"version": "10.6.1"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.8.1"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
},
{
"status": "affected",
"version": "10.10.3"
},
{
"status": "affected",
"version": "10.10.4"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T18:06:12",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Spotfire Windows Platform Artifact Search vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-06-29T17:00:00Z",
"ID": "CVE-2021-28830",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Windows Platform Artifact Search vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.2.4"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.0"
},
{
"version_affected": "=",
"version_value": "1.3.1"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4.0"
},
{
"version_affected": "=",
"version_value": "1.5.0"
},
{
"version_affected": "=",
"version_value": "1.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.12"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
},
{
"version_affected": "=",
"version_value": "10.6.1"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
},
{
"version_affected": "=",
"version_value": "10.10.3"
},
{
"version_affected": "=",
"version_value": "10.10.4"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-28830",
"datePublished": "2021-06-29T17:15:12.487779Z",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-09-16T23:10:44.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23275 (GCVE-0-2021-23275)
Vulnerability from nvd – Published: 2021-06-29 17:15 – Updated: 2024-09-16 20:53
VLAI?
Title
TIBCO Spotfire Windows Platform Installation vulnerability
Summary
The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Runtime for R - Server Edition |
Affected:
unspecified , ≤ 1.2.4
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.3.1"
}
]
},
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.6.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
},
{
"status": "affected",
"version": "10.6.1"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.8.1"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
},
{
"status": "affected",
"version": "10.10.3"
},
{
"status": "affected",
"version": "10.10.4"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
}
]
},
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"datePublic": "2021-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T18:06:14",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
},
"title": "TIBCO Spotfire Windows Platform Installation vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-06-29T17:00:00Z",
"ID": "CVE-2021-23275",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Windows Platform Installation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.2.4"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.0"
},
{
"version_affected": "=",
"version_value": "1.3.1"
}
]
}
},
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4.0"
},
{
"version_affected": "=",
"version_value": "1.5.0"
},
{
"version_affected": "=",
"version_value": "1.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.12"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
},
{
"version_affected": "=",
"version_value": "10.6.1"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
},
{
"version_affected": "=",
"version_value": "10.10.3"
},
{
"version_affected": "=",
"version_value": "10.10.4"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
}
]
}
},
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "11.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Installation component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.4 and below update to version 1.2.5 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.3.0 and 1.3.1 update to version 1.3.2 or later\nTIBCO Enterprise Runtime for R - Server Edition versions 1.4.0, 1.5.0, and 1.6.0 update to version 1.7.0 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.3.0 and below update to version 11.4.0 or later\nTIBCO Spotfire Server versions 10.3.12 and below update to version 10.3.13 or later\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4 update to version 10.10.5 or later\nTIBCO Spotfire Server versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later\nTIBCO Spotfire Statistics Services versions 10.3.0 and below update to version 10.3.1 or later\nTIBCO Spotfire Statistics Services versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or later\nTIBCO Spotfire Statistics Services versions 11.1.0, 11.2.0, and 11.3.0 update to version 11.4.0 or later"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-23275",
"datePublished": "2021-06-29T17:15:10.796514Z",
"dateReserved": "2021-01-08T00:00:00",
"dateUpdated": "2024-09-16T20:53:10.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11204 (GCVE-0-2019-11204)
Vulnerability from nvd – Published: 2019-05-14 19:57 – Updated: 2024-09-16 17:53
VLAI?
Title
TIBCO Spotfire Statistics Services Exposes Sensitive Files
Summary
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0.
Severity ?
9.9 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services |
Affected:
unspecified , ≤ 7.11.1
(custom)
Affected: 10.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
},
{
"name": "108347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.0.0"
}
]
}
],
"datePublic": "2019-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web interface component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-16T16:06:23",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
},
{
"name": "108347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108347"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Statistics Services version 10.0.0 update to 10.0.1 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO Spotfire Statistics Services Exposes Sensitive Files",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11204",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Statistics Services Exposes Sensitive Files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.11.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface component of TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
},
{
"name": "108347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108347"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Statistics Services version 10.0.0 update to 10.0.1 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-11204",
"datePublished": "2019-05-14T19:57:29.767743Z",
"dateReserved": "2019-04-12T00:00:00",
"dateUpdated": "2024-09-16T17:53:03.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12410 (GCVE-0-2018-12410)
Vulnerability from nvd – Published: 2018-10-10 20:00 – Updated: 2024-09-16 17:04
VLAI?
Title
TIBCO Spotfire Statistics Services remote execution vulnerabilities
Summary
The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.
Severity ?
9.8 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility of unrestricted remote access to the operating system account hosting the web server component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services |
Affected:
unspecified , ≤ 7.11.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105558",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Statistics Services",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web server component of TIBCO Software Inc\u0027s Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility of unrestricted remote access to the operating system account hosting the web server component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-13T09:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"name": "105558",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nIn addition to the updates, security related configuration changes may be required due to new defaults. Please review the documentation.\n\nFor each affected system, update to the corresponding software versions:\n- TIBCO Spotfire Statistics Services versions 7.11.0 and below update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Statistics Services remote execution vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-12410",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Statistics Services remote execution vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.11.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server component of TIBCO Software Inc\u0027s Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility of unrestricted remote access to the operating system account hosting the web server component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105558"
},
{
"name": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nIn addition to the updates, security related configuration changes may be required due to new defaults. Please review the documentation.\n\nFor each affected system, update to the corresponding software versions:\n- TIBCO Spotfire Statistics Services versions 7.11.0 and below update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-12410",
"datePublished": "2018-10-10T20:00:00Z",
"dateReserved": "2018-06-14T00:00:00",
"dateUpdated": "2024-09-16T17:04:15.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2371 (GCVE-0-2013-2371)
Vulnerability from nvd – Published: 2013-03-15 14:00 – Updated: 2024-09-17 03:07
VLAI?
Summary
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:46.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/spotfire-statistics-services-advisory-2013-03-12_tcm8-18479.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-15T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/spotfire-statistics-services-advisory-2013-03-12_tcm8-18479.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "http://www.tibco.com/multimedia/spotfire-statistics-services-advisory-2013-03-12_tcm8-18479.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/spotfire-statistics-services-advisory-2013-03-12_tcm8-18479.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2371",
"datePublished": "2013-03-15T14:00:00Z",
"dateReserved": "2013-03-04T00:00:00Z",
"dateUpdated": "2024-09-17T03:07:24.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}