CVE-2021-43051— TIBCO Spotfire Server API Authorization Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-43051
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TIBCO Spotfire Server API Authorization Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Server: versions 10.10.6 and below, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1, and TIBCO Spotfire Server: versions 11.5.0 and 11.6.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tibco Software TIBCO Spotfire Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tibco Software TIBCO Spotfire Server是美国TIBCO Software(Tibco Software)公司的一套基于TIBCO Spotfire(数据分析和挖掘工具)的为企业提供整合、运行和管理的平台。 TIBCO Spotfire Server 存在安全漏洞,该漏洞允许具有网络访问权限的恶意自定义 API 客户端在授权范围之外执行内部 API 操作到它。受影响的版本是 TIBCO Software Inc. 的 TIBCO Spotfire Server:版本 10.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Server | unspecified ~ 10.10.6 | - | |
| TIBCO Software Inc. | TIBCO Spotfire Server | 11.0.0 | - | |
| TIBCO Software Inc. | TIBCO Spotfire Server | 11.5.0 | - |
II. Public POCs for CVE-2021-43051
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-43051
请登录查看更多情报信息。
- https://www.tibco.com/services/support/advisoriesx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-43051
IV. Related Vulnerabilities
Same vendor: TIBCO Software Inc.
- CVE-2024-1137
TIBCO ActiveSpaces Information Leak Vulnerability - CVE-2024-1138
TIBCO FTL Privilege Escalation - CVE-2023-26222
TIBCO EBX Cross-site Scripting (XXS) Vulnerability - CVE-2023-26221
TIBCO Spotfire Insufficiently Protected Credential vulnerabi - CVE-2023-26219
TIBCO Operational Intelligence Hawk RedTail Credential Expos
V. Comments for CVE-2021-43051
No comments yet