CVE-2023-26221

Summary

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.Spotfire Analyst12.3.0affected
TIBCO Software Inc.Spotfire Analyst12.4.0affected
TIBCO Software Inc.Spotfire Analyst12.5.0affected
TIBCO Software Inc.Spotfire Server12.3.0affected
TIBCO Software Inc.Spotfire Server12.4.0affected
TIBCO Software Inc.Spotfire Server12.5.0affected
TIBCO Software Inc.Spotfire for AWS Marketplace12.5.0affected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References