8.8
CVE-2019-11207
- EPSS 0.16%
- Published 13.08.2019 21:15:11
- Last modified 21.11.2024 04:20:43
- Source security@tibco.com
- Teams watchlist Login
- Open Login
The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below.
Data is provided by the National Vulnerability Database (NVD)
Tibco ≫ Loglogic Enterprise Virtual Appliance Version <= 6.2.1
Tibco ≫ Loglogic Log Management Intelligence Version <= 6.2.1
Tibco ≫ Loglogic Lx825 Firmware Version0.0.004
Tibco ≫ Loglogic Lx4025 Firmware Version0.0.004
Tibco ≫ Loglogic Mx3025 Firmware Version0.0.004
Tibco ≫ Loglogic Mx4025 Firmware Version0.0.004
Tibco ≫ Loglogic St1025 Firmware Version0.0.004
Tibco ≫ Loglogic St2025-san Firmware Version0.0.004
Tibco ≫ Loglogic St4025 Firmware Version0.0.004
Tibco ≫ Loglogic Lx1025 Firmware Version0.0.004
Tibco ≫ Loglogic Lx1035 Firmware Version0.0.005
Tibco ≫ Loglogic Lx1025r1 Firmware Version0.0.004
Tibco ≫ Loglogic Lx1025r2 Firmware Version0.0.004
Tibco ≫ Loglogic Lx4025r1 Firmware Version0.0.004
Tibco ≫ Loglogic Lx4025r2 Firmware Version0.0.004
Tibco ≫ Loglogic Lx4035 Firmware Version0.0.005
Tibco ≫ Loglogic St2025-sanr1 Firmware Version0.0.004
Tibco ≫ Loglogic St2025-sanr2 Firmware Version0.0.004
Tibco ≫ Loglogic St2035-san Firmware Version0.0.005
Tibco ≫ Loglogic St4025r1 Firmware Version0.0.004
Tibco ≫ Loglogic St4025r2 Firmware Version0.0.004
Tibco ≫ Loglogic St4035 Firmware Version0.0.005
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.339 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| security@tibco.com | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.