CVE-2019-8987

MEDIUM

TIBCO Data Science for AWS and Spotfire Data Science <= 6.4.0 - Authenticated Stored Cross-Site Scripting

Title source: llm

Description

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

http://www.tibco.com/services/support/advisories

Vendor Advisory x_refsource_misc

https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-26-2019-tibco-spotfire-data-science-2019-8987

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/107595

Scores

CVSS v3 5.4

EPSS 0.0036

EPSS Percentile 58.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

tibco/data_science_for_aws < 6.4.0

tibco/spotfire_data_science < 6.4.0

Published Mar 26, 2019

Tracked Since Feb 18, 2026