CVE Vulnerabilities

CVE-2021-28830

Published: Jun 29, 2021 | Modified: Nov 07, 2023
CVSS 3.x: 7.8 HIGH
Source: NVD
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 7.2 HIGH
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low-privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_runtime_for_r | Tibco | * | 1.2.4 (including) |
| Enterprise_runtime_for_r | Tibco | 1.3.0 (including) | 1.3.0 (including) |
| Enterprise_runtime_for_r | Tibco | 1.3.1 (including) | 1.3.1 (including) |
| Enterprise_runtime_for_r | Tibco | 1.4.0 (including) | 1.4.0 (including) |
| Enterprise_runtime_for_r | Tibco | 1.5.0 (including) | 1.5.0 (including) |
| Enterprise_runtime_for_r | Tibco | 1.6.0 (including) | 1.6.0 (including) |
| Spotfire_analytics_platform | Tibco | * | 11.3.0 (including) |
| Spotfire_server | Tibco | * | 10.3.12 (including) |
| Spotfire_server | Tibco | 10.4.0 (including) | 10.4.0 (including) |
| Spotfire_server | Tibco | 10.5.0 (including) | 10.5.0 (including) |
| Spotfire_server | Tibco | 10.6.0 (including) | 10.6.0 (including) |
| Spotfire_server | Tibco | 10.6.1 (including) | 10.6.1 (including) |
| Spotfire_server | Tibco | 10.7.0 (including) | 10.7.0 (including) |
| Spotfire_server | Tibco | 10.8.0 (including) | 10.8.0 (including) |
| Spotfire_server | Tibco | 10.8.1 (including) | 10.8.1 (including) |
| Spotfire_server | Tibco | 10.9.0 (including) | 10.9.0 (including) |
| Spotfire_server | Tibco | 10.10.0 (including) | 10.10.0 (including) |
| Spotfire_server | Tibco | 10.10.1 (including) | 10.10.1 (including) |
| Spotfire_server | Tibco | 10.10.2 (including) | 10.10.2 (including) |
| Spotfire_server | Tibco | 10.10.3 (including) | 10.10.3 (including) |
| Spotfire_server | Tibco | 10.10.4 (including) | 10.10.4 (including) |
| Spotfire_server | Tibco | 11.0.0 (including) | 11.0.0 (including) |
| Spotfire_server | Tibco | 11.1.0 (including) | 11.1.0 (including) |
| Spotfire_server | Tibco | 11.2.0 (including) | 11.2.0 (including) |
| Spotfire_server | Tibco | 11.3.0 (including) | 11.3.0 (including) |
| Spotfire_statistics_services | Tibco | * | 10.3.0 (including) |
| Spotfire_statistics_services | Tibco | 10.10.0 (including) | 10.10.0 (including) |
| Spotfire_statistics_services | Tibco | 10.10.1 (including) | 10.10.1 (including) |
| Spotfire_statistics_services | Tibco | 10.10.2 (including) | 10.10.2 (including) |
| Spotfire_statistics_services | Tibco | 11.1.0 (including) | 11.1.0 (including) |
| Spotfire_statistics_services | Tibco | 11.2.0 (including) | 11.2.0 (including) |
| Spotfire_statistics_services | Tibco | 11.3.0 (including) | 11.3.0 (including) |
