Vulnerabilities > Tibco > Spotfire Analyst > 12.3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-09 | CVE-2025-3115 | Unspecified vulnerability in Tibco products Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution | 9.8 |
| 2023-11-08 | CVE-2023-26221 | Insufficiently Protected Credentials vulnerability in Tibco products The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. | 3.9 |