CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-8989 – TIBCO Spotfire Data Science Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2019-8989
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account to look like a different user in the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. El componente del servidor de aplicaciones TIBCO Data Science for AWS y TIBCO Spotfire Data Science, de TIBCO Software Inc., contiene una vulnerabilidad que, en teoría, permite que un usuario suplante la cuenta de otro usuario en el sistema afectado. • http://www.securityfocus.com/bid/107608 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-26-2019-tibco-spotfire-data-science-2019-8989 •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-8988 – TIBCO Spotfire Data Science Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-8988
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data modifications and deletions that should be denied. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. El componente del servidor de aplicaciones de TIBCO Data Science for AWS y TIBCO Spotfire Data Science, de TIBCO Software Inc., contiene una vulnerabilidad de Cross-Site Scripting (XSS) persistente que, en teoría, permite que un usuario escale privilegios en el sistema afectado, de forma que permitiría modificar o eliminar datos, algo que debería estar prohibido. • http://www.securityfocus.com/bid/107593 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-26-2019-tibco-spotfire-data-science-2019-8988 •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2019-8987 – TIBCO Spotfire Data Science Vulnerable to Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-8987
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. El componente del servidor de la aplicación de TIBCO Data Science for AWS y TIBCO Spotfire Data Science, de TIBCO Software Inc., contiene una vulnerabilidad de Cross-Site Scripting (XSS) persistente que, en teoría, permite que un usuario autenticado obtenga acceso a todas las funcionalidades de la interfaz web disponibles para los usuarios con más privilegios. • http://www.securityfocus.com/bid/107595 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-26-2019-tibco-spotfire-data-science-2019-8987 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •