CVE-2019-8987 Information

Description

The application server component of TIBCO Software Inc.’s TIBCO Data Science for AWS and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.’s TIBCO Data Science for AWS: versions up to and including 6.4.0 and TIBCO Spotfire Data Science: versions up to and including 6.4.0.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/107595
http://www.tibco.com/services/support/advisories
https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-26-2019-tibco-spotfire-data-science-2019-8987

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM
