CVE-2021-28830

Опубликовано: 29 июн. 2021

Источник: nvd

CVSS3: 8.8

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: ve

Ссылки

http://www.tibco.com/services/support/advisories
Vendor Advisory
https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830
Vendor Advisory
http://www.tibco.com/services/support/advisories
Vendor Advisory
https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tibco:enterprise_runtime_for_r:*:*:*:*:server:*:*:*

Версия до 1.2.4 (включая)

cpe:2.3:a:tibco:enterprise_runtime_for_r:1.3.0:*:*:*:server:*:*:*

cpe:2.3:a:tibco:enterprise_runtime_for_r:1.3.1:*:*:*:server:*:*:*

cpe:2.3:a:tibco:enterprise_runtime_for_r:1.4.0:*:*:*:server:*:*:*

cpe:2.3:a:tibco:enterprise_runtime_for_r:1.5.0:*:*:*:server:*:*:*

cpe:2.3:a:tibco:enterprise_runtime_for_r:1.6.0:*:*:*:server:*:*:*

cpe:2.3:a:tibco:spotfire_analytics_platform:*:*:*:*:*:aws_marketplace:*:*

Версия до 11.3.0 (включая)

cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*

Версия до 10.3.12 (включая)

cpe:2.3:a:tibco:spotfire_server:10.4.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.5.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.6.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.6.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.7.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.8.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.8.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.9.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.10.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.10.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.10.2:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.10.3:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:10.10.4:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:11.0.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:11.1.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:11.2.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_server:11.3.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*

Версия до 10.3.0 (включая)

cpe:2.3:a:tibco:spotfire_statistics_services:10.10.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_statistics_services:10.10.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_statistics_services:10.10.2:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_statistics_services:11.1.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_statistics_services:11.2.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_statistics_services:11.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00034

Низкий

8.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-6rjr-cg8x-gc8f

CVSS3: 7.8

github

больше 3 лет назад

EPSS

Процентиль: 10%

0.00034

Низкий

8.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo