Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-11207

The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below.

Published

2019-08-13T21:15:11.287

Last Modified

2024-11-21T04:20:43.640

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-79
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tibco	loglogic_enterprise_virtual_appliance	≤ 6.2.1	Yes
Application	tibco	loglogic_log_management_intelligence	≤ 6.2.1	Yes
Operating System	tibco	loglogic_lx825_firmware	0.0.004	Yes
Hardware	tibco	loglogic_lx825	-	No
Operating System	tibco	loglogic_lx4025_firmware	0.0.004	Yes
Hardware	tibco	loglogic_lx4025	-	No
Operating System	tibco	loglogic_mx3025_firmware	0.0.004	Yes
Hardware	tibco	loglogic_mx3025	-	No
Operating System	tibco	loglogic_mx4025_firmware	0.0.004	Yes
Hardware	tibco	loglogic_mx4025	-	No
Operating System	tibco	loglogic_st1025_firmware	0.0.004	Yes
Hardware	tibco	loglogic_st1025	-	No
Operating System	tibco	loglogic_st2025-san_firmware	0.0.004	Yes
Hardware	tibco	loglogic_st2025-san	-	No
Operating System	tibco	loglogic_st4025_firmware	0.0.004	Yes
Hardware	tibco	loglogic_st4025	-	No
Operating System	tibco	loglogic_lx1025_firmware	0.0.004	Yes
Hardware	tibco	loglogic_lx1025	-	No
Operating System	tibco	loglogic_lx1035_firmware	0.0.005	Yes
Hardware	tibco	loglogic_lx1035	-	No
Operating System	tibco	loglogic_lx1025r1_firmware	0.0.004	Yes
Hardware	tibco	loglogic_lx1025r1	-	No
Operating System	tibco	loglogic_lx1025r2_firmware	0.0.004	Yes
Hardware	tibco	loglogic_lx1025r2	-	No
Operating System	tibco	loglogic_lx4025r1_firmware	0.0.004	Yes
Hardware	tibco	loglogic_lx4025r1	-	No
Operating System	tibco	loglogic_lx4025r2_firmware	0.0.004	Yes
Hardware	tibco	loglogic_lx4025r2	-	No
Operating System	tibco	loglogic_lx4035_firmware	0.0.005	Yes
Hardware	tibco	loglogic_lx4035	-	No
Operating System	tibco	loglogic_st2025-sanr1_firmware	0.0.004	Yes
Hardware	tibco	loglogic_st2025-sanr1	-	No
Operating System	tibco	loglogic_st2025-sanr2_firmware	0.0.004	Yes
Hardware	tibco	loglogic_st2025-sanr2	-	No
Operating System	tibco	loglogic_st2035-san_firmware	0.0.005	Yes
Hardware	tibco	loglogic_st2035-san	-	No
Operating System	tibco	loglogic_st4025r1_firmware	0.0.004	Yes
Hardware	tibco	loglogic_st4025r1	-	No
Operating System	tibco	loglogic_st4025r2_firmware	0.0.004	Yes
Hardware	tibco	loglogic_st4025r2	-	No
Operating System	tibco	loglogic_st4035_firmware	0.0.005	Yes
Hardware	tibco	loglogic_st4035	-	No

References

http://www.tibco.com/services/support/advisories Vendor Advisory ([email protected])
https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-13-2019-tibco-loglogic-log-management-intelligence Vendor Advisory ([email protected])
http://www.tibco.com/services/support/advisories Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-13-2019-tibco-loglogic-log-management-intelligence Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)