CVE-2023-26221

{"id": "CVE-2023-26221", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.3}, {"type": "Secondary", "source": "security@tibco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.8}]}, "published": "2023-11-08T20:15:07.313", "references": [{"url": "https://www.tibco.com/services/support/advisories", "tags": ["Vendor Advisory"], "source": "security@tibco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}, {"type": "Secondary", "source": "security@tibco.com", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.\n\n"}, {"lang": "es", "value": "El componente Spotfire Connectors de Spotfire Analyst, Spotfire Server y Spotfire para AWS Marketplace de TIBCO Software Inc. contiene una vulnerabilidad f\u00e1cilmente explotable que permite a un atacante con pocos privilegios y acceso de lectura/escritura crear archivos maliciosos de Analyst. Un ataque exitoso que utilice esta vulnerabilidad requiere la interacci\u00f3n humana de una persona distinta del atacante. Las versiones afectadas son Spotfire Analyst de TIBCO Software Inc.: versiones 12.3.0, 12.4.0 y 12.5.0, Spotfire Server: versiones 12.3.0, 12.4.0 y 12.5.0, y Spotfire para AWS Marketplace: versi\u00f3n 12.5.0."}], "lastModified": "2023-11-16T17:37:34.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "949054A7-A299-4C11-9E2B-7437D6C4D801"}, {"criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C63E85E6-8519-4957-B55B-0B8F6E658B2B"}, {"criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE433F55-79E4-438C-81C7-4CEEAEE1C442"}, {"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform:12.5.0:*:*:*:*:aws_marketplace:*:*", "vulnerable": true, "matchCriteriaId": "55B9367D-3938-4059-BABE-72322C2AE10C"}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:12.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F7F5C30-950E-4483-8795-761C506BB549"}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:12.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B67F529-EB21-4628-ADA2-56E76DA272EB"}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:12.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "889EE133-0CEE-429F-A58E-1F310FB981B8"}], "operator": "OR"}]}], "sourceIdentifier": "security@tibco.com"}