First published: Wed Nov 08 2023
The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.
Credit: security@tibco.com
Affected Software | Affected Version | How to fix |
---|---|---|
TIBCO Spotfire Analyst | =12.3.0 | |
TIBCO Spotfire Analyst | =12.4.0 | |
TIBCO Spotfire Analyst | =12.5.0 | |
TIBCO Spotfire Analytics Platform | =12.5.0 | |
TIBCO Spotfire Server | =12.3.0 | |
TIBCO Spotfire Server | =12.4.0 | |
TIBCO Spotfire Server | =12.5.0 | |
TIBCO has released updated versions of the affected components which address these issues. Spotfire Analyst versions 12.3.0, 12.4.0, and 12.5.0: update to version 14.0.0 or later. Spotfire Server versions 12.3.0, 12.4.0, and 12.5.0: update to version 14.0.0 or later. Spotfire for AWS Marketplace version 12.5.0: update to version 14.0.0 or later.
CVE-2023-26221 is a vulnerability in TIBCO Spotfire that allows a low privileged attacker to craft malicious Analyst files.
TIBCO Spotfire Analyst versions 12.3.0, 12.4.0, and 12.5.0, TIBCO Spotfire Server versions 12.3.0, 12.4.0, and 12.5.0, and TIBCO Spotfire Analytics Platform version 12.5.0 are affected.
CVE-2023-26221 has a severity rating of medium (5 out of 10).
An attacker with low privileges and read/write access can exploit CVE-2023-26221 by crafting malicious Analyst files.
To mitigate the vulnerability, update to the latest patched version of TIBCO Spotfire.