CVE-2021-23273

Summary

The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO Spotfire Analystunspecified <= 10.3.3affected
TIBCO Software Inc.TIBCO Spotfire Analyst10.10.0affected
TIBCO Software Inc.TIBCO Spotfire Analyst10.10.1affected
TIBCO Software Inc.TIBCO Spotfire Analyst10.10.2affected
TIBCO Software Inc.TIBCO Spotfire Analyst10.7.0affected
TIBCO Software Inc.TIBCO Spotfire Analyst10.8.0affected
TIBCO Software Inc.TIBCO Spotfire Analyst10.9.0affected
TIBCO Software Inc.TIBCO Spotfire Analyst11.0.0affected
TIBCO Software Inc.TIBCO Spotfire Analyst11.1.0affected
TIBCO Software Inc.TIBCO Spotfire Analytics Platform for AWS Marketplaceunspecified <= 11.1.0affected
TIBCO Software Inc.TIBCO Spotfire Desktopunspecified <= 10.3.3affected
TIBCO Software Inc.TIBCO Spotfire Desktop10.10.0affected
TIBCO Software Inc.TIBCO Spotfire Desktop10.10.1affected
TIBCO Software Inc.TIBCO Spotfire Desktop10.10.2affected
TIBCO Software Inc.TIBCO Spotfire Desktop10.7.0affected
TIBCO Software Inc.TIBCO Spotfire Desktop10.8.0affected
TIBCO Software Inc.TIBCO Spotfire Desktop10.9.0affected
TIBCO Software Inc.TIBCO Spotfire Desktop11.0.0affected
TIBCO Software Inc.TIBCO Spotfire Desktop11.1.0affected
TIBCO Software Inc.TIBCO Spotfire Serverunspecified <= 10.3.11affected
TIBCO Software Inc.TIBCO Spotfire Server10.10.0affected
TIBCO Software Inc.TIBCO Spotfire Server10.10.1affected
TIBCO Software Inc.TIBCO Spotfire Server10.10.2affected
TIBCO Software Inc.TIBCO Spotfire Server10.10.3affected
TIBCO Software Inc.TIBCO Spotfire Server10.7.0affected
TIBCO Software Inc.TIBCO Spotfire Server10.8.0affected
TIBCO Software Inc.TIBCO Spotfire Server10.8.1affected
TIBCO Software Inc.TIBCO Spotfire Server10.9.0affected
TIBCO Software Inc.TIBCO Spotfire Server11.0.0affected
TIBCO Software Inc.TIBCO Spotfire Server11.1.0affected

Weaknesses

  • The impact of this vulnerability includes the theoretical possibility that an attacker gains access, including potentially administrative access, to the affected system.

ADP Enrichment

CVE Program Container

Additional References

References