CVE-2023-29268: TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability
First published: Wed Apr 26 2023(Updated: )
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.
Credit: security@tibco.com security@tibco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TIBCO Spotfire Statistics Services | <11.4.11 | |
| TIBCO Spotfire Statistics Services | =11.5.0 | |
| TIBCO Spotfire Statistics Services | =11.6.0 | |
| TIBCO Spotfire Statistics Services | =11.6.1 | |
| TIBCO Spotfire Statistics Services | =11.6.2 | |
| TIBCO Spotfire Statistics Services | =11.7.0 | |
| TIBCO Spotfire Statistics Services | =11.8.0 | |
| TIBCO Spotfire Statistics Services | =11.8.1 | |
| TIBCO Spotfire Statistics Services | =12.0.0 | |
| TIBCO Spotfire Statistics Services | =12.0.1 | |
| TIBCO Spotfire Statistics Services | =12.0.2 | |
| TIBCO Spotfire Statistics Services | =12.1.0 | |
| TIBCO Spotfire Statistics Services | =12.2.0 | |
| <11.4.11 | ||
| =11.5.0 | ||
| =11.6.0 | ||
| =11.6.1 | ||
| =11.6.2 | ||
| =11.7.0 | ||
| =11.8.0 | ||
| =11.8.1 | ||
| =12.0.0 | ||
| =12.0.1 | ||
| =12.0.2 | ||
| =12.1.0 | ||
| =12.2.0 |
Remedy
TIBCO has released updated versions of the affected components which address these issues. TIBCO Spotfire Statistics Services versions 11.4.10 and below: update to version 11.4.11 or later TIBCO Spotfire Statistics Services versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2: update to version 12.0.3 or later TIBCO Spotfire Statistics Services versions 12.1.0 and 12.2.0: update to version 12.3.0 or later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-29268?
CVE-2023-29268 is a vulnerability in the Splus Server component of TIBCO Spotfire Statistics Services.
How severe is CVE-2023-29268?
CVE-2023-29268 has a severity rating of 9.8 (critical).
Which versions of TIBCO Spotfire Statistics Services are affected by CVE-2023-29268?
Versions 11.4.11 to 12.2.0 of TIBCO Spotfire Statistics Services are affected by CVE-2023-29268.
What is the CWE ID for CVE-2023-29268?
CVE-2023-29268 is associated with CWE ID 434.
How can I fix CVE-2023-29268?
To fix CVE-2023-29268, it is recommended to apply the latest updates and patches provided by TIBCO Software Inc.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/title
- agent/author
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/tibco
- canonical/tibco spotfire statistics services
- version/tibco spotfire statistics services/11.5.0
- version/tibco spotfire statistics services/11.6.0
- version/tibco spotfire statistics services/11.6.1
- version/tibco spotfire statistics services/11.6.2
- version/tibco spotfire statistics services/11.7.0
- version/tibco spotfire statistics services/11.8.0
- version/tibco spotfire statistics services/11.8.1
- version/tibco spotfire statistics services/12.0.0
- version/tibco spotfire statistics services/12.0.1
- version/tibco spotfire statistics services/12.0.2
- version/tibco spotfire statistics services/12.1.0
- version/tibco spotfire statistics services/12.2.0