CVE-2019-11204

HIGH

TIBCO Spotfire Statistics Services <7.11.1-10.0.0 - Info Disclosure

Title source: llm

Description

The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

http://www.tibco.com/services/support/advisories

Vendor Advisory x_refsource_misc

https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/108347

Scores

CVSS v3 8.8

EPSS 0.0049

EPSS Percentile 65.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (2)

tibco/spotfire_statistics_services 10.0.0

tibco/spotfire_statistics_services < 7.11.1

Published May 14, 2019

Tracked Since Feb 18, 2026