Vulnerability Details : CVE-2019-11204
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0.
Products affected by CVE-2019-11204
- cpe:2.3:a:tibco:spotfire_statistics_services:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_statistics_services:10.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-11204
0.50%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 63 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-11204
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
|
9.9
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
3.1
|
6.0
|
TIBCO Software Inc. | |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
References for CVE-2019-11204
-
https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204
TIBCO Security Advisory: May 14, 2019 - TIBCO Spotfire Statistics Services - 2019-11204 | TIBCO SoftwareVendor Advisory
-
http://www.tibco.com/services/support/advisories
Advisory | TIBCO SoftwareVendor Advisory
-
http://www.securityfocus.com/bid/108347
TIBCO Spotfire Statistics Services CVE-2019-11204 Information Disclosure VulnerabilityBroken Link;Third Party Advisory;VDB Entry
Jump to