Cross site scripting

2019-03-2618:29:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

JSON

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data modifications and deletions that should be denied. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.

CPENameOperatorVersion
data_science_for_awsle6.4.0
spotfire_data_sciencele6.4.0

CPE	Name	Operator	Version
	data_science_for_aws	le	6.4.0
	spotfire_data_science	le	6.4.0

References

www.securityfocus.com/bid/107593

www.tibco.com/services/support/advisories

www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-26-2019-tibco-spotfire-data-science-2019-8988