TIBCO Spotfire Data Science Vulnerable to Persistent Cross-Site Scripting
CVE-2019-8987

7.6HIGH

Key Information:

Vendor: Tibco
Status: Tibco Data Science For Aws; Tibco Spotfire Data Science
Vendor: CVE Published:; 26 March 2019

What is CVE-2019-8987?

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.

Affected Version(s)

TIBCO Data Science for AWS <= 6.4.0

TIBCO Spotfire Data Science <= 6.4.0

References

http://www.tibco.com/services/support/advisories

x_refsource_MISC

https://www.tibco.com/support/advisories/2019/03/tibco-se...

x_refsource_MISC

http://www.securityfocus.com/bid/107595

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2019
Vulnerability Reserved
Feb 21, 2019

Tibco

What is CVE-2019-8987?

Affected Version(s)

References

CVSS V3.1

Timeline