Lucene search

TibcoCVELIST:CVE-2022-41558

HistoryNov 15, 2022 - 6:15 p.m.

CVE-2022-41558 TIBCO Spotfire Stored Cross Site Scripting (XSS) Vulnerability

2022-11-1518:15:12

tibco

www.cve.org

tibco

spotfire

cross site scripting

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 11.4.4 and below, TIBCO Spotfire Analyst: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Analyst: version 12.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 12.1.0 and below, TIBCO Spotfire Desktop: versions 11.4.4 and below, TIBCO Spotfire Desktop: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Desktop: version 12.1.0, TIBCO Spotfire Server: versions 11.4.8 and below, TIBCO Spotfire Server: versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1, and TIBCO Spotfire Server: version 12.1.0.

CNA Affected

[
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Analyst",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "11.4.4",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Analyst",
    "versions": [
      {
        "version": "11.5.0",
        "status": "affected"
      },
      {
        "version": "11.6.0",
        "status": "affected"
      },
      {
        "version": "11.7.0",
        "status": "affected"
      },
      {
        "version": "11.8.0",
        "status": "affected"
      },
      {
        "version": "12.0.0",
        "status": "affected"
      },
      {
        "version": "12.0.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Analyst",
    "versions": [
      {
        "version": "12.1.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "12.1.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Desktop",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "11.4.4",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Desktop",
    "versions": [
      {
        "version": "11.5.0",
        "status": "affected"
      },
      {
        "version": "11.6.0",
        "status": "affected"
      },
      {
        "version": "11.7.0",
        "status": "affected"
      },
      {
        "version": "11.8.0",
        "status": "affected"
      },
      {
        "version": "12.0.0",
        "status": "affected"
      },
      {
        "version": "12.0.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Desktop",
    "versions": [
      {
        "version": "12.1.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Server",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "11.4.8",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Server",
    "versions": [
      {
        "version": "11.5.0",
        "status": "affected"
      },
      {
        "version": "11.6.0",
        "status": "affected"
      },
      {
        "version": "11.6.1",
        "status": "affected"
      },
      {
        "version": "11.6.2",
        "status": "affected"
      },
      {
        "version": "11.6.3",
        "status": "affected"
      },
      {
        "version": "11.7.0",
        "status": "affected"
      },
      {
        "version": "11.8.0",
        "status": "affected"
      },
      {
        "version": "11.8.1",
        "status": "affected"
      },
      {
        "version": "12.0.0",
        "status": "affected"
      },
      {
        "version": "12.0.1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Spotfire Server",
    "versions": [
      {
        "version": "12.1.0",
        "status": "affected"
      }
    ]
  }
]

References

www.tibco.com/services/support/advisories

www.tibco.com/support/advisories/2022/11/tibco-security-advisory-november-15-2022-tibco-spotfire-cve-2022-41558

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2022-41558