CVE-2021-23273

8.0 HIGH

📋 TL;DR

This vulnerability allows low-privileged attackers with network access to execute stored cross-site scripting (XSS) attacks in TIBCO Spotfire products. Successful exploitation requires human interaction from someone other than the attacker. Affected systems include various versions of TIBCO Spotfire Analyst, Desktop, Server, and Analytics Platform for AWS Marketplace.

💻 Affected Systems

Products:
  • TIBCO Spotfire Analyst
  • TIBCO Spotfire Analytics Platform for AWS Marketplace
  • TIBCO Spotfire Desktop
  • TIBCO Spotfire Server
Versions: Multiple versions including 10.3.3 and below, 10.7.0-11.1.0 with specific exclusions
Operating Systems: Not specified, likely all supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability affects the client component. Specific version patterns vary by product - check advisory for exact affected versions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, credentials, or sensitive data from authenticated users, potentially leading to account takeover, data exfiltration, or further system compromise.

🟠 Likely Case

Attackers could perform session hijacking, deface content, or redirect users to malicious sites, compromising user accounts and data confidentiality.

🟢 If Mitigated

With proper input validation and output encoding, the attack would fail to execute malicious scripts, limiting impact to benign payload display.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires low-privileged network access and human interaction: a victim must view or interact with the malicious content. Because the XSS is stored, the payload persists in the application and is served to every user who loads the affected content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after those listed in affected versions - check specific product advisory

Vendor Advisory: https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9-2021-tibco-spotfire

Restart Required: Yes

Instructions:

1. Review the TIBCO advisory for the specific fixed versions.
2. Apply vendor-provided patches or upgrade to non-vulnerable versions.
3. Restart affected services.
4. Test functionality after patching.

🔧 Temporary Workarounds

Input Validation and Output Encoding (all)

Implement strict input validation and context-appropriate output encoding for user-controllable data.

Content Security Policy (all)

Implement Content Security Policy headers to restrict script execution.
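The two workarounds above, applied to a tiny stored-comment page, as an added example that is not TIBCO Spotfire code and not part of the advisory. The comment store, the template strings, the author field and the response shape are all constructed for this illustration; only the mitigations themselves (context-aware output encoding and a CSP without inline script) are standard practice.

```python
# Added example (not TIBCO Spotfire code): output encoding and a Content Security
# Policy applied to a minimal stored-comment renderer. Templates, field names and
# the header set are constructed for illustration.
import html
from urllib.parse import quote

# Constructed stored input: a textbook payload saved by a low-privileged user into
# a free-text field that is later displayed to other users.
STORED_COMMENT = '<script>alert(document.cookie)</script>'


def render_unsafe(comment):
    """Vulnerable 'before': stored text is concatenated straight into the HTML."""
    return f"<div class='comment'>{comment}</div>"


def encode_for_html(text):
    """HTML body context: escape & < > \" ' so markup in the text is shown, not parsed."""
    return html.escape(text, quote=True)


def encode_for_attribute(text):
    """Quoted attribute context: same escaping; the template must also quote the attribute."""
    return html.escape(text, quote=True)


def encode_for_url_param(text):
    """URL query-parameter context: percent-encode everything except unreserved characters."""
    return quote(text, safe="")


def render_safe(comment, author):
    """Hardened 'after': each interpolation uses the encoder for its output context."""
    return (
        f"<div class='comment' title=\"{encode_for_attribute(author)}\">"
        f"{encode_for_html(comment)}"
        f" <a href=\"/profile?user={encode_for_url_param(author)}\">profile</a>"
        "</div>"
    )


def csp_headers():
    """Second workaround: a CSP that refuses inline script, so an encoding slip in one
    template does not become script execution in browsers that enforce the policy."""
    return {
        "Content-Security-Policy": (
            "default-src 'self'; script-src 'self'; object-src 'none'; "
            "base-uri 'self'; frame-ancestors 'none'"
        ),
        "X-Content-Type-Options": "nosniff",
    }


def build_response(comment, author):
    """Assemble the headers and body the way a hardened handler would."""
    return csp_headers(), render_safe(comment, author)


if __name__ == "__main__":
    print("unsafe:", render_unsafe(STORED_COMMENT))
    headers, body = build_response(STORED_COMMENT, 'alice" onmouseover="x')
    for name, value in headers.items():
        print(f"{name}: {value}")
    print(body)
```

The point of the three encoders is that one escaping routine does not fit every context: text that is safe in an element body is not automatically safe inside an attribute or a URL, which is why the hardened renderer picks the encoder per interpolation rather than sanitising the comment once on input.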

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block XSS payloads
  • Restrict network access to Spotfire applications to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check Spotfire version against affected versions list in TIBCO advisory

Check Version:

Check within Spotfire application interface or consult product documentation

Verify Fix Applied:

Verify that the installed version is not in the affected versions list and that test XSS payloads are rendered as encoded text rather than executed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual script tags or JavaScript in user inputs
  • Multiple failed XSS attempts

Network Indicators:

  • Suspicious script payloads in HTTP requests to Spotfire endpoints

SIEM Query:

web_requests WHERE (uri CONTAINS 'spotfire' AND (body CONTAINS '<script>' OR body CONTAINS 'javascript:'))

This query matches only the literal strings '<script>' and 'javascript:'. Normalise request bodies (URL-decode, lower-case) before matching so that encoded or mixed-case variants are not missed, and expect some noise from legitimate content that happens to contain these strings.
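The detection logic run over a handful of constructed request-log lines, as an added example that is not part of this page or of any TIBCO tooling. It shows the page's literal SIEM query next to a normalised variant so the difference in coverage is visible; the tab-separated log format (timestamp, method, URI, body) and every URI and body are assumptions made for the example.

```python
# Added example (not from the advisory or this page's SIEM): the literal query
# above and a normalised variant, run over constructed request-log lines.
# Log format (tab-separated: timestamp, method, URI, raw body) is assumed.
import re
from urllib.parse import unquote_plus

# Constructed sample log lines; URIs and bodies are illustrative only.
LOG_LINES = [
    "2021-03-10T09:12:01Z\tPOST\t/spotfire/wp/analysis\tcomment=Quarterly numbers look fine",
    "2021-03-10T09:13:44Z\tPOST\t/spotfire/wp/analysis\tcomment=<script>alert(1)</script>",
    "2021-03-10T09:15:02Z\tPOST\t/spotfire/library/save\ttitle=%3CScRiPt%3Ealert(1)%3C%2Fscript%3E",
    "2021-03-10T09:16:19Z\tPOST\t/spotfire/wp/analysis\tdesc=<img src=x onerror=alert(1)>",
    "2021-03-10T09:17:30Z\tPOST\t/other/app\tcomment=<script>alert(1)</script>",
]

# Indicator patterns, applied after the body has been decoded and lower-cased.
# The event_handler pattern will also fire on benign words such as "onion=", so
# treat hits as triage input, not as proof of an attack.
PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b"),
    "javascript_uri": re.compile(r"javascript\s*:"),
    "event_handler": re.compile(r"\bon[a-z]+\s*="),
    "active_element": re.compile(r"<\s*(img|svg|iframe|object)\b"),
}


def parse_line(line):
    """Split one assumed-format log line into its four fields."""
    ts, method, uri, body = line.split("\t", 3)
    return {"ts": ts, "method": method, "uri": uri, "body": body}


def normalize(body):
    """Undo up to two layers of URL encoding, then lower-case for matching."""
    for _ in range(2):
        decoded = unquote_plus(body)
        if decoded == body:
            break
        body = decoded
    return body.lower()


def naive_scan(lines):
    """Literal matching, equivalent to the SIEM query above; returns flagged timestamps."""
    hits = []
    for rec in map(parse_line, lines):
        if "spotfire" in rec["uri"] and (
            "<script>" in rec["body"] or "javascript:" in rec["body"]
        ):
            hits.append(rec["ts"])
    return hits


def scan(lines):
    """Normalised matching; returns one record per flagged request with the indicators seen."""
    hits = []
    for rec in map(parse_line, lines):
        if "spotfire" not in rec["uri"].lower():
            continue
        body = normalize(rec["body"])
        indicators = [name for name, rx in PATTERNS.items() if rx.search(body)]
        if indicators:
            hits.append({"ts": rec["ts"], "uri": rec["uri"], "indicators": indicators})
    return hits


if __name__ == "__main__":
    print("literal query flagged:", naive_scan(LOG_LINES))
    for hit in scan(LOG_LINES):
        print(hit["ts"], hit["uri"], ", ".join(hit["indicators"]))
```

On the constructed lines the literal query flags one request, while the normalised scan flags three: the literal one, the percent-encoded mixed-case variant, and the event-handler payload that contains no script tag at all. The request to a non-Spotfire URI is excluded by both, matching the query's uri filter.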

🔗 References
