CVE-2022-30575— TIBCO Statistica Reflected Cross Site Scripting (XSS) Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-30575
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TIBCO Statistica Reflected Cross Site Scripting (XSS) Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: versions 14.0.0 and below, TIBCO Statistica - Estore Edition: versions 14.0.0 and below, and TIBCO Statistica Trial: versions 14.0.0 and below.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
TIBCO Software Data Science和Statistica 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TIBCO Software Data Science和TIBCO Software Statistica都是美国TIBCO Software公司的产品。TIBCO Software Data Science是一款数据科学软件。简化了跨混合生态系统的数据科学和机器学习。TIBCO Software Statistica是一个全面开放的高级分析平台。可帮助企业自动化日常任务和扩展分析。 TIBCO Software Data Science和Statistica 存在跨站脚本漏洞。攻击者利用该漏洞执行跨站脚
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Data Science - Workbench | unspecified ~ 14.0.0 | - | |
| TIBCO Software Inc. | TIBCO Statistica | unspecified ~ 14.0.0 | - | |
| TIBCO Software Inc. | TIBCO Statistica - Estore Edition | unspecified ~ 14.0.0 | - | |
| TIBCO Software Inc. | TIBCO Statistica Trial | unspecified ~ 14.0.0 | - |
II. Public POCs for CVE-2022-30575
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-30575
请登录查看更多情报信息。
- https://www.tibco.com/services/support/advisoriesx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2022-30575
IV. Related Vulnerabilities
Same vendor: TIBCO Software Inc.
- CVE-2024-1137
TIBCO ActiveSpaces Information Leak Vulnerability - CVE-2024-1138
TIBCO FTL Privilege Escalation - CVE-2023-26222
TIBCO EBX Cross-site Scripting (XXS) Vulnerability - CVE-2023-26221
TIBCO Spotfire Insufficiently Protected Credential vulnerabi - CVE-2023-26219
TIBCO Operational Intelligence Hawk RedTail Credential Expos
V. Comments for CVE-2022-30575
No comments yet