XSS in Tibco Spotfire_analyst
CVE-2022-41558
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spot…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.005 (39.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.
Affected products
- Tibco Spotfire_analyst — versions 11.5.0, 11.6.0, 11.7.0
- Tibco Spotfire_analytics_platform
- Tibco Spotfire_desktop — versions 11.5.0, 11.6.0, 11.7.0
- Tibco Spotfire_server — versions 11.5.0, 11.6.0, 11.6.1
- Tibco Software Inc. Spotfire Analyst — versions unspecified, 11.5.0, 11.6.0
- Tibco Software Inc. Spotfire Analytics Platform For Aws Marketplace — versions unspecified
- Tibco Software Inc. Spotfire Desktop — versions unspecified, 11.5.0, 11.6.0
- Tibco Software Inc. Spotfire Server — versions unspecified, 11.5.0, 11.6.0
Weakness classification (CWE)
References
- security@tibco.com (Vendor Advisory)
- security@tibco.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2022-41558?
- CVE-2022-41558 is a critical-severity vulnerability in Tibco Spotfire_analyst, classified under Cross-site Scripting. CVSS score: 9.0/10. Published 2022-11-15.
- How severe is CVE-2022-41558?
- Critical severity. CVSS v3 base score is 9.0 out of 10.