CVE-2019-11207

The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below.

Published: 2019-08-13 21:15
Updated: 2019-08-21 17:48

CVSS Score: 6.8 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Tibco | Loglogic Enterprise Virtual Appliance | 6.2.1 | cpe:/a:tibco:loglogic_enterprise_virtual_appliance:6.2.1 |
| Tibco | Loglogic Log Management Intelligence | 6.2.1 | cpe:/a:tibco:loglogic_log_management_intelligence:6.2.1 |
| Tibco | Loglogic Lx1025 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_lx1025_firmware:0.0.004 |
| Tibco | Loglogic Lx1025r1 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_lx1025r1_firmware:0.0.004 |
| Tibco | Loglogic Lx1025r2 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_lx1025r2_firmware:0.0.004 |
| Tibco | Loglogic Lx1035 Firmware | 0.0.005 | cpe:/o:tibco:loglogic_lx1035_firmware:0.0.005 |
| Tibco | Loglogic Lx4025 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_lx4025_firmware:0.0.004 |
| Tibco | Loglogic Lx4025r1 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_lx4025r1_firmware:0.0.004 |
| Tibco | Loglogic Lx4025r2 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_lx4025r2_firmware:0.0.004 |
| Tibco | Loglogic Lx4035 Firmware | 0.0.005 | cpe:/o:tibco:loglogic_lx4035_firmware:0.0.005 |
| Tibco | Loglogic Lx825 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_lx825_firmware:0.0.004 |
| Tibco | Loglogic Mx3025 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_mx3025_firmware:0.0.004 |
| Tibco | Loglogic Mx4025 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_mx4025_firmware:0.0.004 |
| Tibco | Loglogic St1025 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_st1025_firmware:0.0.004 |
| Tibco | Loglogic St2025-san Firmware | 0.0.004 | cpe:/o:tibco:loglogic_st2025-san_firmware:0.0.004 |
| Tibco | Loglogic St2025-sanr1 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_st2025-sanr1_firmware:0.0.004 |
| Tibco | Loglogic St2025-sanr2 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_st2025-sanr2_firmware:0.0.004 |
| Tibco | Loglogic St2035-san Firmware | 0.0.005 | cpe:/o:tibco:loglogic_st2035-san_firmware:0.0.005 |
| Tibco | Loglogic St4025 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_st4025_firmware:0.0.004 |
| Tibco | Loglogic St4025r1 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_st4025r1_firmware:0.0.004 |
| Tibco | Loglogic St4025r2 Firmware | 0.0.004 | cpe:/o:tibco:loglogic_st4025r2_firmware:0.0.004 |
| Tibco | Loglogic St4035 Firmware | 0.0.005 | cpe:/o:tibco:loglogic_st4035_firmware:0.0.005 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-352 | Cross-Site Request Forgery (CSRF) | The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |

History of changes

Date Event
2019-08-21 17:48
2019-08-13 22:15
2019-08-13 21:15

New CVE