Spotfire Statistics Services
CVE-2019-11204
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0.
AnalysisAI
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0. Affected products include: Tibco Spotfire Statistics Services.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Spotfire Statistics Services
View allThe Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that all
The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing th
The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtim
The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enter
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today