CVE-2023-26221

LOW Year: 2023
CVSS v3 Score
3.9
Low
Weakness Type
CWE-522
View all →

Vulnerability Description

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.

Related Vulnerabilities

CVE-2020-7299

MEDIUM
CVSS:4.1(Medium)

Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges t...

CWE-5222020

CVE-2021-20434

MEDIUM
CVSS:4.1(Medium)

IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346.

CWE-5222021

CVE-2024-11856

LOW
CVSS:3.7(Low)

A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification.

CWE-5222024

CVE-2024-30119

LOW
CVSS:3.7(Low)

HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection.

CWE-5222024

CVE-2019-0178

LOW
CVSS:3.6(Low)

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

CWE-5222019

CVE-2018-12038

MEDIUM
CVSS:4.2(Medium)

An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key.

CWE-5222018