TIBCO Spotfire Data Science Spoofing Vulnerability
CVE-2019-8989

5MEDIUM

Key Information:

Vendor
Tibco
Status
Tibco Data Science For Aws
Tibco Spotfire Data Science
Vendor
CVE Published:
26 March 2019

Summary

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account to look like a different user in the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.

Affected Version(s)

TIBCO Data Science for AWS <= 6.4.0

TIBCO Spotfire Data Science <= 6.4.0

References

http://www.tibco.com/services/support/advisories
x_refsource_MISC
https://www.tibco.com/support/advisories/2019/03/tibco-se...
x_refsource_MISC
http://www.securityfocus.com/bid/107608
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.