Vulnerability Details : CVE-2019-8987
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2019-8987
- cpe:2.3:a:tibco:data_science_for_aws:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:spotfire_data_science:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-8987
- 0.50%: Probability of exploitation activity in the next 30 days
- ~63%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-8987
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N | 6.8 | 2.9 | NIST | |
7.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L | 2.1 | 5.5 | TIBCO Software Inc. | |
5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 | NIST | |
CWE ids for CVE-2019-8987
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-8987
- https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-26-2019-tibco-spotfire-data-science-2019-8987
  TIBCO Security Advisory: March 26, 2019 - TIBCO Spotfire Data Science - 2019-8987 | TIBCO Software (Vendor Advisory)
- http://www.tibco.com/services/support/advisories
  Advisory | TIBCO Software (Vendor Advisory)