CVE Published: 14/12/2021 |
CVE Updated: 16/09/2024 |
CVE Year: 2021 Source: tibco |
Vendor: TIBCO Software Inc. |
Product: TIBCO Spotfire Server Status : PUBLISHED
CVE-2021-43051 Description
The Spotfire Server component of TIBCO Software Inc.\'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\'s TIBCO Spotfire Server: versions 10.10.6 and below, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1, and TIBCO Spotfire Server: versions 11.5.0 and 11.6.0.
Metrics
CVSS Version: 3.1 |
Base Score: 7.1 HIGH Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE Name: In the worst case, if the user is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system. Source: TIBCO Software Inc.
Common Attack Pattern Enumeration and Classification (CAPEC)