CVE-2021-43051
CVE-2021-43051 is a high-severity vulnerability in Tibco Spotfire Server with a CVSS 3.x base score of 7.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 3.x base score 7.1)
- CVSS v2: 8.5
- EPSS exploit prediction: 1% (53rd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Tibco Spotfire Server
- Published:
- Last modified:
Description
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Server: versions 10.10.6 and below, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1, and TIBCO Spotfire Server: versions 11.5.0 and 11.6.0.
Frequently asked questions
- What is CVE-2021-43051?
- The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Server: versions 10.10.6 and below, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1, and TIBCO Spotfire Server: versions 11.5.0 and 11.6.0.
- How severe is CVE-2021-43051?
- CVE-2021-43051 has a CVSS 3.x base score of 7.1, rated high severity. It is exploitable over network with high attack complexity, requires low privileges and user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2021-43051 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (53rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2021-43051?
- CVE-2021-43051 primarily affects Tibco Spotfire Server. In total, 9 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2021-43051?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2021-43051 published?
- CVE-2021-43051 was published on 2021-12-14 and last updated on 2026-06-17.
References
- https://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2021/12/tibco-security-advisory-december-14-2021-tibco-spotfire-server-2021-43051
Affected products (9)
- cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:11.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:11.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:11.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:11.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:11.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:11.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_server:11.6.0:*:*:*:*:*:*:*
More vulnerabilities in Tibco Spotfire Server
- CVE-2022-41558 — Critical (CVSS 9.0): The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire…
- CVE-2021-28830 — High (CVSS 8.8): The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise…
- CVE-2021-23275 — High (CVSS 8.8): The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO…
- CVE-2020-9408 — High (CVSS 8.8): The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO…
- CVE-2019-11205 — High (CVSS 8.8): The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO…
- CVE-2018-18814 — High (CVSS 8.8): The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS…