Vulnerability Description
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Spotfire Statistics Services | <= 7.11.1 |
References
- http://www.securityfocus.com/bid/108347Broken LinkThird Party AdvisoryVDB Entry
- http://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-Vendor Advisory
- http://www.securityfocus.com/bid/108347Broken LinkThird Party AdvisoryVDB Entry
- http://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-Vendor Advisory
FAQ
What is CVE-2019-11204?
CVE-2019-11204 is a vulnerability with a CVSS score of 8.8 (HIGH). The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information ne...
How severe is CVE-2019-11204?
CVE-2019-11204 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11204?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Spotfire Statistics Services.