TIBCO Spotfire Data Science Privilege Escalation Vulnerability
CVE-2019-8988

6.5MEDIUM

Key Information:

Vendor: Tibco
Status: Tibco Data Science For Aws; Tibco Spotfire Data Science
Vendor: CVE Published:; 26 March 2019

What is CVE-2019-8988?

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data modifications and deletions that should be denied. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.

Affected Version(s)

TIBCO Data Science for AWS <= 6.4.0

TIBCO Spotfire Data Science <= 6.4.0

References

http://www.tibco.com/services/support/advisories

x_refsource_MISC

https://www.tibco.com/support/advisories/2019/03/tibco-se...

x_refsource_MISC

http://www.securityfocus.com/bid/107593

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2019
Vulnerability Reserved
Feb 21, 2019

Tibco

What is CVE-2019-8988?

Affected Version(s)

References

CVSS V3.1

Timeline