PT-2019-19290 · Tibco · Tibco Data Science For Aws+1
Published
2019-03-26
·
Updated
2022-10-14
·
CVE-2019-8987
CVSS v3.1
7.6
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
TIBCO Data Science for AWS versions up to and including 6.4.0
TIBCO Spotfire Data Science versions up to and including 6.4.0
Description
The application server component contains a persistent cross-site scripting issue that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users.
Recommendations
For TIBCO Data Science for AWS versions up to and including 6.4.0, update to a version later than 6.4.0 to resolve the issue.
For TIBCO Spotfire Data Science versions up to and including 6.4.0, update to a version later than 6.4.0 to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tibco Data Science For Aws
Tibco Spotfire Data Science