CVE-2022-30575

{"id": "CVE-2022-30575", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "security@tibco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.1}]}, "published": "2022-08-16T18:15:08.770", "references": [{"url": "https://www.tibco.com/services/support/advisories", "tags": ["Vendor Advisory"], "source": "security@tibco.com"}, {"url": "https://www.tibco.com/support/advisories/2022/08/tibco-security-advisory-august-16-2022-tibco-statistica-cve-2022-30575", "tags": ["Vendor Advisory"], "source": "security@tibco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: versions 14.0.0 and below, TIBCO Statistica - Estore Edition: versions 14.0.0 and below, and TIBCO Statistica Trial: versions 14.0.0 and below."}, {"lang": "es", "value": "El componente Web Console de TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, y TIBCO Statistica Trial, contiene vulnerabilidades de tipo Cross Site Scripting (XSS) Reflejado f\u00e1cilmente explotables que permiten a un atacante poco privilegiado y acceso a la red ejecutar scripts dirigidos al sistema afectado o al sistema local de la v\u00edctima. Las versiones afectadas son TIBCO Data Science - Workbench de TIBCO Software Inc.: versiones 14.0.0 y posteriores, TIBCO Statistica: versiones 14.0.0 y anteriores, TIBCO Statistica - Estore Edition: versiones 14.0.0 y anteriores, y TIBCO Statistica Trial: versiones 14.0.0 y anteriores."}], "lastModified": "2022-08-17T14:42:08.990", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:data_science_-_workbench:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D855A85D-14CE-4949-801F-6BF82ABA7FAB", "versionEndExcluding": "14.0.1"}, {"criteria": "cpe:2.3:a:tibco:statistica:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "0CD8E8BB-7888-425F-94B7-AABD551936D0", "versionEndExcluding": "14.0.1"}, {"criteria": "cpe:2.3:a:tibco:statistica:*:*:*:*:estore:*:*:*", "vulnerable": true, "matchCriteriaId": "FC6C3BB5-C22F-4093-AC97-77A4518583F6", "versionEndExcluding": "14.0.1"}, {"criteria": "cpe:2.3:a:tibco:statistica:*:*:*:*:trial:*:*:*", "vulnerable": true, "matchCriteriaId": "6BC6763F-7A0A-4A07-858F-53BF7BF2C078", "versionEndExcluding": "14.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@tibco.com"}