Vulnerability Description
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Data Science For Aws | <= 6.4.0 |
| Tibco | Spotfire Data Science | <= 6.4.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107595Broken LinkThird Party AdvisoryVDB Entry
- http://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-2Vendor Advisory
- http://www.securityfocus.com/bid/107595Broken LinkThird Party AdvisoryVDB Entry
- http://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-2Vendor Advisory
FAQ
What is CVE-2019-8987?
CVE-2019-8987 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows...
How severe is CVE-2019-8987?
CVE-2019-8987 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-8987?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Data Science For Aws, Tibco Spotfire Data Science.