CVE-2023-26221
- EPSS 0.06%
- Published 08.11.2023 20:15:07
- Last modified 21.11.2024 07:50:56
- Source security@tibco.com
TIBCO Spotfire Insufficiently Protected Credential vulnerability
The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.
Data provided by the National Vulnerability Database (NVD)
Tibco ≫ Spotfire Analyst Version 12.3.0
Tibco ≫ Spotfire Analyst Version 12.4.0
Tibco ≫ Spotfire Analyst Version 12.5.0
Tibco ≫ Spotfire Analytics Platform Version 12.5.0 SwPlatform aws_marketplace
Tibco ≫ Spotfire Server Version 12.3.0
Tibco ≫ Spotfire Server Version 12.4.0
Tibco ≫ Spotfire Server Version 12.5.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.189 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.9 | 1.3 | 2.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
| security@tibco.com | 5 | 1.8 | 2.7 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.