VAR-201908-1786
Vulnerability from variot - Updated: 2024-11-23 23:08The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-1786",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "loglogic enterprise virtual appliance",
"scope": "lte",
"trust": 1.8,
"vendor": "tibco",
"version": "6.2.1"
},
{
"model": "loglogic lx1025",
"scope": "eq",
"trust": 1.8,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic lx4025",
"scope": "eq",
"trust": 1.8,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic lx825",
"scope": "eq",
"trust": 1.8,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic mx3025",
"scope": "eq",
"trust": 1.8,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic mx4025",
"scope": "eq",
"trust": 1.8,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic st1025",
"scope": "eq",
"trust": 1.8,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic st2025-san",
"scope": "eq",
"trust": 1.8,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic st4025",
"scope": "eq",
"trust": 1.8,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic lx1025r2",
"scope": "eq",
"trust": 1.0,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic st2035-san",
"scope": "eq",
"trust": 1.0,
"vendor": "tibco",
"version": "0.0.005"
},
{
"model": "loglogic st4035",
"scope": "eq",
"trust": 1.0,
"vendor": "tibco",
"version": "0.0.005"
},
{
"model": "loglogic lx4025r1",
"scope": "eq",
"trust": 1.0,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic lx1025r1",
"scope": "eq",
"trust": 1.0,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic lx4025r2",
"scope": "eq",
"trust": 1.0,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic lx1035",
"scope": "eq",
"trust": 1.0,
"vendor": "tibco",
"version": "0.0.005"
},
{
"model": "loglogic st4025r2",
"scope": "eq",
"trust": 1.0,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic st4025r1",
"scope": "eq",
"trust": 1.0,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic st2025-sanr1",
"scope": "eq",
"trust": 1.0,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic log management intelligence",
"scope": "lte",
"trust": 1.0,
"vendor": "tibco",
"version": "6.2.1"
},
{
"model": "loglogic lx4035",
"scope": "eq",
"trust": 1.0,
"vendor": "tibco",
"version": "0.0.005"
},
{
"model": "loglogic st2025-sanr2",
"scope": "eq",
"trust": 1.0,
"vendor": "tibco",
"version": "0.0.004"
},
{
"model": "loglogic log management intelligence",
"scope": "eq",
"trust": 0.8,
"vendor": "tibco",
"version": "6.2.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008024"
},
{
"db": "NVD",
"id": "CVE-2019-11207"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:tibco:loglogic_enterprise_virtual_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:tibco:loglogic_log_management_intelligence",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tibco:loglogic_lx1025_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tibco:loglogic_lx4025_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tibco:loglogic_lx825_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tibco:loglogic_mx3025_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tibco:loglogic_mx4025_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tibco:loglogic_st1025_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tibco:loglogic_st2025-san_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tibco:loglogic_st4025_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008024"
}
]
},
"cve": "CVE-2019-11207",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-11207",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-142830",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-11207",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11207",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@tibco.com",
"id": "CVE-2019-11207",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-11207",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-916",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142830",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008024"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-916"
},
{
"db": "NVD",
"id": "CVE-2019-11207"
},
{
"db": "NVD",
"id": "CVE-2019-11207"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web server component of TIBCO Software Inc.\u0027s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11207"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008024"
},
{
"db": "VULHUB",
"id": "VHN-142830"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11207",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008024",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-916",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-142830",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008024"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-916"
},
{
"db": "NVD",
"id": "CVE-2019-11207"
}
]
},
"id": "VAR-201908-1786",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142830"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:08:16.429000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisories",
"trust": 0.8,
"url": "https://www.tibco.com/services/support/advisories"
},
{
"title": "TIBCO Security Advisory: August 13, 2019 - TIBCO LogLogic Log Management Intelligence",
"trust": 0.8,
"url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-13-2019-tibco-loglogic-log-management-intelligence"
},
{
"title": "TIBCO LogLogic Enterprise Virtual Appliance and TIBCO LogLogic Log Management Intelligence Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96601"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008024"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-916"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
},
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008024"
},
{
"db": "NVD",
"id": "CVE-2019-11207"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.tibco.com/services/support/advisories"
},
{
"trust": 1.7,
"url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-13-2019-tibco-loglogic-log-management-intelligence"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11207"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11207"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008024"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-916"
},
{
"db": "NVD",
"id": "CVE-2019-11207"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008024"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-916"
},
{
"db": "NVD",
"id": "CVE-2019-11207"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-142830"
},
{
"date": "2019-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008024"
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-916"
},
{
"date": "2019-08-13T21:15:11.287000",
"db": "NVD",
"id": "CVE-2019-11207"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-142830"
},
{
"date": "2019-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008024"
},
{
"date": "2019-09-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-916"
},
{
"date": "2024-11-21T04:20:43.640000",
"db": "NVD",
"id": "CVE-2019-11207"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-916"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance and TIBCO LogLogic Log Management Intelligence Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008024"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-916"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…