CVE-2022-41558

MEDIUM
Published Nov 15, 2022 (3y ago) · Modified Jun 17, 2026 (1w ago)
5.4 CVSS 3.1

Description

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 11.4.4 and below, 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, and 12.1.0; TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 12.1.0 and below; TIBCO Spotfire Desktop: versions 11.4.4 and below, 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, and 12.1.0; and TIBCO Spotfire Server: versions 11.4.8 and below, 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.1.0.

CVSS Details

Base Score: 5.4
Exploitability: 2.3
Impact: 2.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 29

Vendor  Product                      Version  Range
tibco   spotfire_analyst             *        ≤11.4.4
tibco   spotfire_analyst             11.5.0   any
tibco   spotfire_analyst             11.6.0   any
tibco   spotfire_analyst             11.7.0   any
tibco   spotfire_analyst             11.8.0   any
tibco   spotfire_analyst             12.0.0   any
tibco   spotfire_analyst             12.0.1   any
tibco   spotfire_analyst             12.1.0   any
tibco   spotfire_analytics_platform  *        ≤12.1.0
tibco   spotfire_desktop             *        ≤11.4.4
tibco   spotfire_desktop             11.5.0   any
tibco   spotfire_desktop             11.6.0   any
tibco   spotfire_desktop             11.7.0   any
tibco   spotfire_desktop             11.8.0   any
tibco   spotfire_desktop             12.0.0   any
tibco   spotfire_desktop             12.0.1   any
tibco   spotfire_desktop             12.1.0   any
tibco   spotfire_server              *        ≤11.4.8
tibco   spotfire_server              11.5.0   any
tibco   spotfire_server              11.6.0   any
tibco   spotfire_server              11.6.1   any
tibco   spotfire_server              11.6.2   any
tibco   spotfire_server              11.6.3   any
tibco   spotfire_server              11.7.0   any
tibco   spotfire_server              11.8.0   any
tibco   spotfire_server              11.8.1   any
tibco   spotfire_server              12.0.0   any
tibco   spotfire_server              12.0.1   any
tibco   spotfire_server              12.1.0   any

References 2

  • tibco.com https://www.tibco.com/services/support/advisories
    Vendor Advisory
  • tibco.com https://www.tibco.com/support/advisories/2022/11/tibco-security-advisory-november-15-2022-tibco-spotfire-cve-2022-41558
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.