CVE-2019-11204 — Software INC Tibco Spotfire Statistics Services vulnerability

2 documents2 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 34.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Spotfire Statistics Services Tibco Spotfire Statistics Services

Timeline

PublishedMay 14

Latest updateMay 24

Description

The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5tibco_software_inc/tibco_spotfire_statistics_servicesunspecified — 7.11.1+1

▶NVDtibco/spotfire_statistics_services7.11.1+1

🔴Vulnerability Details

GHSA

GHSA-7w35-hxm5-m9pf: The web interface component of TIBCO Software Inc↗2022-05-24

▶