AVID-2026-R1040

Description

TIBCO Statistica Reflected Cross Site Scripting (XSS) Vulnerability (CVE-2022-30575)

Details

The Web Console component of TIBCO Software Inc.’s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim’s local system. Affected releases are TIBCO Software Inc.’s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: versions 14.0.0 and below, TIBCO Statistica - Estore Edition: versions 14.0.0 and below, and TIBCO Statistica Trial: versions 14.0.0 and below.

Reason for inclusion in AVID: The CVE describes a reflected Cross-Site Scripting (XSS) vulnerability in the Web Console components of TIBCO Data Science - Workbench and TIBCO Statistica, a data science/AI platform. This is a software vulnerability in a component that can be used in AI/ML workflows (data prep, analytics, model development). It affects software used to build/deploy/run AI systems, i.e., a relevant supply-chain component, and it is a genuine security vulnerability (remote exploitation with user interaction). The report provides explicit CVE details, affected products/versions, impact, and CVSS metrics, satisfying evidence requirements.

References

Affected or Relevant Artifacts

  • Developer: TIBCO Software Inc.
  • Deployer: TIBCO Software Inc.
  • Artifact Details:
Type | Name
System | TIBCO Data Science - Workbench
System | TIBCO Statistica
System | TIBCO Statistica - Estore Edition
System | TIBCO Statistica Trial

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version | 3.1
Vector String | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Base Score | 7.3
Base Severity | 🔴 High
Attack Vector | NETWORK
Attack Complexity | 🟢 Low
Privileges Required | 🟢 Low
User Interaction | REQUIRED
Scope | UNCHANGED
Confidentiality Impact | 🔴 High
Integrity Impact | 🔴 High
Availability Impact | NONE

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2022-08-16
  • Version: 0.3.3
  • AVID Entry