CVE-2019-11207
TIBCO LogLogic Log Management Intelligence Multiple Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Vulnerabilities
Public Exploits: 0
Exploited in Wild: -
Descriptions
The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below.
SSVC
- Decision: -
Timeline
- 2019-04-12 CVE Reserved
- 2019-08-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-352: Cross-Site Request Forgery (CSRF)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Tibco | Loglogic Lx825 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic Lx825 | - | - | Safe |
Tibco | Loglogic Lx4025 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic Lx4025 | - | - | Safe |
Tibco | Loglogic Mx3025 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic Mx3025 | - | - | Safe |
Tibco | Loglogic Mx4025 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic Mx4025 | - | - | Safe |
Tibco | Loglogic St1025 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic St1025 | - | - | Safe |
Tibco | Loglogic St2025-san Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic St2025-san | - | - | Safe |
Tibco | Loglogic St4025 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic St4025 | - | - | Safe |
Tibco | Loglogic Lx1025 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic Lx1025 | - | - | Safe |
Tibco | Loglogic Lx1035 Firmware | 0.0.005 | - | Affected | in | Tibco | Loglogic Lx1035 | - | - | Safe |
Tibco | Loglogic Lx1025r1 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic Lx1025r1 | - | - | Safe |
Tibco | Loglogic Lx1025r2 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic Lx1025r2 | - | - | Safe |
Tibco | Loglogic Lx4025r1 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic Lx4025r1 | - | - | Safe |
Tibco | Loglogic Lx4025r2 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic Lx4025r2 | - | - | Safe |
Tibco | Loglogic Lx4035 Firmware | 0.0.005 | - | Affected | in | Tibco | Loglogic Lx4035 | - | - | Safe |
Tibco | Loglogic St2025-sanr1 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic St2025-sanr1 | - | - | Safe |
Tibco | Loglogic St2025-sanr2 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic St2025-sanr2 | - | - | Safe |
Tibco | Loglogic St2035-san Firmware | 0.0.005 | - | Affected | in | Tibco | Loglogic St2035-san | - | - | Safe |
Tibco | Loglogic St4025r1 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic St4025r1 | - | - | Safe |
Tibco | Loglogic St4025r2 Firmware | 0.0.004 | - | Affected | in | Tibco | Loglogic St4025r2 | - | - | Safe |
Tibco | Loglogic St4035 Firmware | 0.0.005 | - | Affected | in | Tibco | Loglogic St4035 | - | - | Safe |
Tibco | Loglogic Enterprise Virtual Appliance | <= 6.2.1 | - | Affected | | | | | | |
Tibco | Loglogic Log Management Intelligence | <= 6.2.1 | - | Affected | | | | | | |