Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-26220

Опубликовано: 10 окт. 2023
Источник: nvd
CVSS3: 5.4
EPSS Низкий

Описание

The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*
Версия до 11.4.7 (включая)
cpe:2.3:a:tibco:spotfire_analyst:11.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:11.6.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:11.7.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:11.8.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:12.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:12.0.2:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:12.0.3:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:12.0.4:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analyst:12.1.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*
Версия до 11.4.11 (включая)
cpe:2.3:a:tibco:spotfire_server:11.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:11.6.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:11.6.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:11.6.2:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:11.6.3:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:11.7.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:11.8.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:11.8.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:12.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:12.0.2:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:12.0.3:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:12.0.4:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:12.0.5:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:12.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 30%
0.00111
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79
CWE-79

Связанные уязвимости

github логотип

GHSA-p4rg-7c2h-6cqp

CVSS3: 5.4
github
больше 2 лет назад

The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1.

EPSS

Процентиль: 30%
0.00111
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79
CWE-79