Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-11207

The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.8, indicating it can be exploited remotely over the network with relatively low complexity though user interaction is required and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 42 products from tibco, from tibco, from tibco and 39 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2019, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2019-08-13T21:15:11.287

Last Modified

2024-11-21T04:20:43.640

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-79
    CWE-352
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application tibco loglogic_enterprise_virtual_appliance ≤ 6.2.1 Yes
Application tibco loglogic_log_management_intelligence ≤ 6.2.1 Yes
Operating System tibco loglogic_lx825_firmware 0.0.004 Yes
Hardware tibco loglogic_lx825 - No
Operating System tibco loglogic_lx4025_firmware 0.0.004 Yes
Hardware tibco loglogic_lx4025 - No
Operating System tibco loglogic_mx3025_firmware 0.0.004 Yes
Hardware tibco loglogic_mx3025 - No
Operating System tibco loglogic_mx4025_firmware 0.0.004 Yes
Hardware tibco loglogic_mx4025 - No
Operating System tibco loglogic_st1025_firmware 0.0.004 Yes
Hardware tibco loglogic_st1025 - No
Operating System tibco loglogic_st2025-san_firmware 0.0.004 Yes
Hardware tibco loglogic_st2025-san - No
Operating System tibco loglogic_st4025_firmware 0.0.004 Yes
Hardware tibco loglogic_st4025 - No
Operating System tibco loglogic_lx1025_firmware 0.0.004 Yes
Hardware tibco loglogic_lx1025 - No
Operating System tibco loglogic_lx1035_firmware 0.0.005 Yes
Hardware tibco loglogic_lx1035 - No
Operating System tibco loglogic_lx1025r1_firmware 0.0.004 Yes
Hardware tibco loglogic_lx1025r1 - No
Operating System tibco loglogic_lx1025r2_firmware 0.0.004 Yes
Hardware tibco loglogic_lx1025r2 - No
Operating System tibco loglogic_lx4025r1_firmware 0.0.004 Yes
Hardware tibco loglogic_lx4025r1 - No
Operating System tibco loglogic_lx4025r2_firmware 0.0.004 Yes
Hardware tibco loglogic_lx4025r2 - No
Operating System tibco loglogic_lx4035_firmware 0.0.005 Yes
Hardware tibco loglogic_lx4035 - No
Operating System tibco loglogic_st2025-sanr1_firmware 0.0.004 Yes
Hardware tibco loglogic_st2025-sanr1 - No
Operating System tibco loglogic_st2025-sanr2_firmware 0.0.004 Yes
Hardware tibco loglogic_st2025-sanr2 - No
Operating System tibco loglogic_st2035-san_firmware 0.0.005 Yes
Hardware tibco loglogic_st2035-san - No
Operating System tibco loglogic_st4025r1_firmware 0.0.004 Yes
Hardware tibco loglogic_st4025r1 - No
Operating System tibco loglogic_st4025r2_firmware 0.0.004 Yes
Hardware tibco loglogic_st4025r2 - No
Operating System tibco loglogic_st4035_firmware 0.0.005 Yes
Hardware tibco loglogic_st4035 - No
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For tibco's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.