CVE-2023-29268
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services | 0 <= 11.4.10 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services | 11.5.0 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services | 11.6.0 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services | 11.6.1 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services | 11.6.2 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services | 11.7.0 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services | 11.8.0 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services | 11.8.1 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services | 12.0.0 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services | 12.0.1 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services | 12.0.2 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services | 12.1.0 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Statistics Services | 12.2.0 | affected |
Weaknesses
- Uploaded or modified files may be executed within the scope of the web server process allowing access to the system.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.