SB2021063028 - Multiple vulnerabilities in TIBCO Software

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2021-28830)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components search for run-time artifacts outside of the installation hierarchy. A local user can insert malicious software and gain full access to the Windows operating system.

2) Improper access control (CVE-ID: CVE-2021-23275)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to a lack of access restrictions on certain files and/or folders in the installation within the Windows Installation component. A local user can insert malicious software and gain full access to the Windows operating system.

Remediation

Install update from vendor's website.

References

• http://www.tibco.com/services/support/advisories
• https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire-2021-28830
• https://www.tibco.com/support/advisories/2021/06/tibco-security-advisory-june-29-2021-tibco-spotfire...