History: Aug 13, 2019 - 9:15 p.m.

CVE-2019-11207

2019-08-13 21:15:11
CWE-352, CWE-79
Source: web.nvd.nist.gov
Tags: tibco, loglogic, appliance, cve, 2019, 11207, xss, csrf, nvd, security, vulnerability

CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.3 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 19.6%)

The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below.

Affected configurations

NVD

Node: tibco loglogic_enterprise_virtual_appliance (Range: 6.2.1) OR tibco loglogic_log_management_intelligence (Range: 6.2.1)
Node: tibco loglogic_lx825_firmware (Match: 0.0.004) AND tibco loglogic_lx825 (Match: -)
Node: tibco loglogic_lx4025_firmware (Match: 0.0.004) AND tibco loglogic_lx4025 (Match: -)
Node: tibco loglogic_mx3025_firmware (Match: 0.0.004) AND tibco loglogic_mx3025 (Match: -)
Node: tibco loglogic_mx4025_firmware (Match: 0.0.004) AND tibco loglogic_mx4025 (Match: -)
Node: tibco loglogic_st1025_firmware (Match: 0.0.004) AND tibco loglogic_st1025 (Match: -)
Node: tibco loglogic_st2025-san_firmware (Match: 0.0.004) AND tibco loglogic_st2025-san (Match: -)
Node: tibco loglogic_st4025_firmware (Match: 0.0.004) AND tibco loglogic_st4025 (Match: -)
Node: tibco loglogic_lx1025_firmware (Match: 0.0.004) AND tibco loglogic_lx1025 (Match: -)
Node: tibco loglogic_lx1035_firmware (Match: 0.0.005) AND tibco loglogic_lx1035 (Match: -)
Node: tibco loglogic_lx1025r1_firmware (Match: 0.0.004) AND tibco loglogic_lx1025r1 (Match: -)
Node: tibco loglogic_lx1025r2_firmware (Match: 0.0.004) AND tibco loglogic_lx1025r2 (Match: -)
Node: tibco loglogic_lx4025r1_firmware (Match: 0.0.004) AND tibco loglogic_lx4025r1 (Match: -)
Node: tibco loglogic_lx4025r2_firmware (Match: 0.0.004) AND tibco loglogic_lx4025r2 (Match: -)
Node: tibco loglogic_lx4035_firmware (Match: 0.0.005) AND tibco loglogic_lx4035 (Match: -)
Node: tibco loglogic_st2025-sanr1_firmware (Match: 0.0.004) AND tibco loglogic_st2025-sanr1 (Match: -)
Node: tibco loglogic_st2025-sanr2_firmware (Match: 0.0.004) AND tibco loglogic_st2025-sanr2 (Match: -)
Node: tibco loglogic_st2035-san_firmware (Match: 0.0.005) AND tibco loglogic_st2035-san (Match: -)
Node: tibco loglogic_st4025r1_firmware (Match: 0.0.004) AND tibco loglogic_st4025r1 (Match: -)
Node: tibco loglogic_st4025r2_firmware (Match: 0.0.004) AND tibco loglogic_st4025r2 (Match: -)
Node: tibco loglogic_st4035_firmware (Match: 0.0.005) AND tibco loglogic_st4035 (Match: -)

CNA Affected

[
  {
    "product": "TIBCO LogLogic Enterprise Virtual Appliance",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "6.2.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO LogLogic Log Management Intelligence",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.2.1"
      }
    ]
  }
]
