The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/107595 | Broken Link Third Party Advisory VDB Entry |
| http://www.tibco.com/services/support/advisories | Vendor Advisory |
| https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-26-2019-tibco-spotfire-data-science-2019-8987 | Vendor Advisory |
| http://www.securityfocus.com/bid/107595 | Broken Link Third Party Advisory VDB Entry |
| http://www.tibco.com/services/support/advisories | Vendor Advisory |
| https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-26-2019-tibco-spotfire-data-science-2019-8987 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:50
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.securityfocus.com/bid/107595 - Broken Link, Third Party Advisory, VDB Entry | |
| References | () http://www.tibco.com/services/support/advisories - Vendor Advisory | |
| References | () https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-26-2019-tibco-spotfire-data-science-2019-8987 - Vendor Advisory |
Information
Published : 2019-03-26 18:29
Updated : 2024-11-21 04:50
NVD link : CVE-2019-8987
Mitre link : CVE-2019-8987
CVE.ORG link : CVE-2019-8987
JSON object : View
Products Affected
tibco
- spotfire_data_science
- data_science_for_aws
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')