TibcoCVELIST:CVE-2019-8989CVE-2019-8989 TIBCO Spotfire Data Science Spoofing Vulnerability
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
36.8%
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account to look like a different user in the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.
CNA Affected
[
{
"product": "TIBCO Data Science for AWS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Data Science",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
36.8%