TIBCO Spotfire Statistics Services Exposes Sensitive Files
CVE-2019-11204

9.9CRITICAL

Key Information:

Vendor: Tibco
Status: Tibco Spotfire Statistics Services
Vendor: CVE Published:; 14 May 2019

What is CVE-2019-11204?

The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0.

Affected Version(s)

TIBCO Spotfire Statistics Services <= 7.11.1

TIBCO Spotfire Statistics Services 10.0.0

References

http://www.tibco.com/services/support/advisories

x_refsource_MISC

https://www.tibco.com/support/advisories/2019/05/tibco-se...

x_refsource_MISC

http://www.securityfocus.com/bid/108347

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2019
Vulnerability Reserved
Apr 12, 2019

Tibco

What is CVE-2019-11204?

Affected Version(s)

References

CVSS V3.1

Timeline