CVE-2022-41558— TIBCO Spotfire Stored Cross Site Scripting (XSS) Vulnerability

TIBCO Spotfire Stored Cross Site Scripting (XSS) Vulnerability

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 11.4.4 and below, TIBCO Spotfire Analyst: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Analyst: version 12.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 12.1.0 and below, TIBCO Spotfire Desktop: versions 11.4.4 and below, TIBCO Spotfire Desktop: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Desktop: version 12.1.0, TIBCO Spotfire Server: versions 11.4.8 and below, TIBCO Spotfire Server: versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1, and TIBCO Spotfire Server: version 12.1.0.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

N/A

TIBCO Software Spotfire Server 跨站脚本漏洞

TIBCO Software Spotfire Server是美国TIBCO Software公司的一套基于TIBCO Spotfire（数据分析和挖掘工具）的为企业提供整合、运行和管理的平台。 TIBCO Spotfire Analyst、TIBCO Spotfire Desktop和TIBCO Spotfire Server存在安全漏洞，该漏洞源于允许具有网络访问权的低权限攻击者在受影响系统上执行存储型跨站脚本(XSS)，成功利用该漏洞攻击者能够以受影响用户的权限执行命令。

N/A

N/A