TIBCO Spotfire Data Science Privilege Escalation Vulnerability
CVE-2019-8988
6.5MEDIUM
Key Information:
- Vendor
- Tibco
- Vendor
- CVE Published:
- 26 March 2019
Summary
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data modifications and deletions that should be denied. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.
Affected Version(s)
TIBCO Data Science for AWS <= 6.4.0
TIBCO Spotfire Data Science <= 6.4.0
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved