CRITICAL🇬🇧 English

CVE-2023-29268

CVSS 9.8v3.1pub. 2023-04-26upd. 2025-01-30

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tibco Spotfire Statistics Services

    APP
    Tibco
    11.5.011.6.011.6.111.6.211.7.011.8.011.8.112.0.012.0.112.0.212.1.012.2.0< 11.4.11
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-3115CRITICAL9.4PL ✓ten sam produkt

RCE w Tibco Spotfire — wstrzyknięcie kodu i nievalidowane nazwy plików

CVE-2018-12410CRITICAL9.8ten sam produkt

The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilitie...

CVE-2021-23275HIGH8.8ten sam produkt

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, T...

CVE-2021-28830HIGH8.8ten sam produkt

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterpr...

CVE-2019-11204HIGH8.8ten sam produkt

The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerabili...

CVE-2023-29268 — CRITICAL 9.8 | CVEbaza.pl