The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.
References
Link | Resource |
---|---|
https://www.tibco.com/services/support/advisories | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
09 May 2023, 01:31
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:tibco:spotfire_statistics_services:11.7.0:*:*:*:*:*:*:* cpe:2.3:a:tibco:spotfire_statistics_services:11.6.1:*:*:*:*:*:*:* cpe:2.3:a:tibco:spotfire_statistics_services:11.6.0:*:*:*:*:*:*:* cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:* cpe:2.3:a:tibco:spotfire_statistics_services:11.5.0:*:*:*:*:*:*:* cpe:2.3:a:tibco:spotfire_statistics_services:12.0.1:*:*:*:*:*:*:* cpe:2.3:a:tibco:spotfire_statistics_services:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:tibco:spotfire_statistics_services:11.8.0:*:*:*:*:*:*:* cpe:2.3:a:tibco:spotfire_statistics_services:12.0.2:*:*:*:*:*:*:* cpe:2.3:a:tibco:spotfire_statistics_services:11.8.1:*:*:*:*:*:*:* cpe:2.3:a:tibco:spotfire_statistics_services:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:tibco:spotfire_statistics_services:12.2.0:*:*:*:*:*:*:* cpe:2.3:a:tibco:spotfire_statistics_services:11.6.2:*:*:*:*:*:*:* |
|
First Time |
Tibco
Tibco spotfire Statistics Services |
|
CWE | CWE-434 | |
References | (MISC) https://www.tibco.com/services/support/advisories - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
26 Apr 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-26 18:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-29268
Mitre link : CVE-2023-29268
CVE.ORG link : CVE-2023-29268
JSON object : View
Products Affected
tibco
- spotfire_statistics_services
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type