Main Vulnerability Database Vulnerabilities #VU20357

#VU20357 Cross-site request forgery in TIBCO products - CVE-2019-11207

Published: August 22, 2019

Vulnerability identifier: #VU20357

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-11207

CWE-ID: CWE-352

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
TIBCO LogLogic ST4035 Appliance
TIBCO LogLogic ST4025R2 Appliance
TIBCO LogLogic ST4025R1 Appliance
TIBCO LogLogic ST2035-SAN Appliance
TIBCO LogLogic ST2025-SANR2 Appliance
TIBCO LogLogic ST2025-SANR1 Appliance
TIBCO LogLogic LX4035 Appliance
TIBCO LogLogic LX4025R2 Appliance
TIBCO LogLogic LX4025R1 Appliance
TIBCO LogLogic LX1025R2 Appliance
TIBCO LogLogic LX1025R1 Appliance
TIBCO LogLogic LX1035 Appliance
TIBCO LogLogic ST4025 Appliance
TIBCO LogLogic ST2025-SAN Appliance
TIBCO LogLogic ST1025 Appliance
TIBCO LogLogic MX4025 Appliance
TIBCO LogLogic MX3025 Appliance
TIBCO LogLogic LX4025 Appliance
TIBCO LogLogic LX1025 Appliance
TIBCO LogLogic LX825 Appliance
TIBCO LogLogic Log Management Intelligence
TIBCO LogLogic Enterprise Virtual Appliance

Software vendor:
TIBCO

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform administrative functions provided by the web interface of the affected component.

Remediation

Install update from vendor's website.

#VU20357 Cross-site request forgery in TIBCO products - CVE-2019-11207

Description

Remediation

External links

Please verify you're human