9.8
CVE-2023-29268
- EPSS 1.14%
- Published 26.04.2023 18:15:09
- Last modified 30.01.2025 22:15:07
- Source security@tibco.com
- Teams watchlist Login
- Open Login
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.
Data is provided by the National Vulnerability Database (NVD)
Tibco ≫ Spotfire Statistics Services Version < 11.4.11
Tibco ≫ Spotfire Statistics Services Version11.5.0
Tibco ≫ Spotfire Statistics Services Version11.6.0
Tibco ≫ Spotfire Statistics Services Version11.6.1
Tibco ≫ Spotfire Statistics Services Version11.6.2
Tibco ≫ Spotfire Statistics Services Version11.7.0
Tibco ≫ Spotfire Statistics Services Version11.8.0
Tibco ≫ Spotfire Statistics Services Version11.8.1
Tibco ≫ Spotfire Statistics Services Version12.0.0
Tibco ≫ Spotfire Statistics Services Version12.0.1
Tibco ≫ Spotfire Statistics Services Version12.0.2
Tibco ≫ Spotfire Statistics Services Version12.1.0
Tibco ≫ Spotfire Statistics Services Version12.2.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.14% | 0.771 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@tibco.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.