CVE-2021-43051
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/12/2021
Last modified:
12/07/2022
Description
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Server: versions 10.10.6 and below, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1, and TIBCO Spotfire Server: versions 11.5.0 and 11.6.0.
Impact
Base Score 3.x
6.80
Severity 3.x
MEDIUM
Base Score 2.0
8.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:* | 10.10.6 (including) | |
| cpe:2.3:a:tibco:spotfire_server:11.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tibco:spotfire_server:11.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tibco:spotfire_server:11.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tibco:spotfire_server:11.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tibco:spotfire_server:11.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tibco:spotfire_server:11.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tibco:spotfire_server:11.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tibco:spotfire_server:11.6.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page