CVE-2021-23275

Опубликовано: 29 июн. 2021

Источник: nvd

CVSS3: 8.8

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO E

Ссылки

http://www.tibco.com/services/support/advisories
Vendor Advisory
https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275
Vendor Advisory
http://www.tibco.com/services/support/advisories
Vendor Advisory
https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-23275
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tibco:enterprise_runtime_for_r:*:*:*:*:server:*:*:*

Версия до 1.2.4 (включая)

cpe:2.3:a:tibco:enterprise_runtime_for_r:1.3.0:*:*:*:server:*:*:*

cpe:2.3:a:tibco:enterprise_runtime_for_r:1.3.1:*:*:*:server:*:*:*

cpe:2.3:a:tibco:enterprise_runtime_for_r:1.4.0:*:*:*:server:*:*:*

cpe:2.3:a:tibco:enterprise_runtime_for_r:1.5.0:*:*:*:server:*:*:*

cpe:2.3:a:tibco:enterprise_runtime_for_r:1.6.0:*:*:*:server:*:*:*

cpe:2.3:a:tibco:spotfire_analytics_platform:*:*:*:*:*:aws_marketplace:*:*

Версия до 11.3.0 (включая)

cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*

Версия до 10.3.12 (включая)

cpe:2.3:a:tibco:spotfire_server:10.4.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.5.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.6.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.6.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.7.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.8.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.8.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.9.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.10.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.10.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.10.2:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.10.3:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.10.4:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:11.0.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:11.1.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:11.2.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:11.3.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*

Версия до 10.3.0 (включая)

cpe:2.3:a:tibco:spotfire_statistics_services:10.10.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_statistics_services:10.10.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_statistics_services:10.10.2:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_statistics_services:11.1.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_statistics_services:11.2.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_statistics_services:11.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00026

Низкий

8.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-vm2c-v328-xcwc

CVSS3: 7.8

github

больше 3 лет назад

EPSS

Процентиль: 7%

0.00026

Низкий

8.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-732