Security Advisory CVE-2019-11207 regarding TIBCO LogLogic LMI
Article ID: KB0108063
Updated On:
| Products | Versions |
|---|---|
| TIBCO LogLogic Log Management Intelligence | 6.2.1 and below |
Description
TIBCO LogLogic Log Management Intelligence Multiple Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Vulnerabilities
Original release date: August 13, 2019
Last revised: ---
Source: TIBCO Software Inc.
The following component is affected:
* web server
Description
The component listed above contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks.
Impact
The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could perform administrative functions provided by the web interface of the affected component.
CVSS v3 Base Score: 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Original release date: August 13, 2019
Last revised: ---
Source: TIBCO Software Inc.
The following component is affected:
* web server
Description
The component listed above contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks.
Impact
The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could perform administrative functions provided by the web interface of the affected component.
CVSS v3 Base Score: 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Issue/Introduction
Security Advisory CVE-2019-11207 regarding TIBCO LogLogic LMI
Resolution
TIBCO has released updated versions of the affected systems which address these issues:
You can obtain both LMI 6.3.0 and 6.2.1_02 from https://edelivery.tibco.com. To find 6.2.1_02 you must search by a specific hardware model such as "ST1025" then expand the 6.2.1 product entry. The search is not case-sensitive. The 6.2.1_02 patch will not be listed under the LMI EVA product entries.
- If you have TIBCO LogLogic LMI EVA versions 6.2.1 and below then update to version 6.3.0 or higher
- If you have
- TIBCO LogLogic LX825 Appliance 0.0.004,
- TIBCO LogLogic LX1025 Appliance 0.0.004,
- TIBCO LogLogic LX4025 Appliance 0.0.004,
- TIBCO LogLogic MX3025 Appliance 0.0.004,
- TIBCO LogLogic MX4025 Appliance 0.0.004,
- TIBCO LogLogic ST1025 Appliance 0.0.004,
- TIBCO LogLogic ST2025-SAN Appliance 0.0.004 or
- TIBCO LogLogic ST4025 Appliance 0.0.004
- If you have:
- TIBCO LogLogic LX1025R1 Appliance 0.0.004,
- TIBCO LogLogic LX1025R2 Appliance 0.0.004,
- TIBCO LogLogic LX4025R1 Appliance 0.0.004,
- TIBCO LogLogic LX4025R2 Appliance 0.0.004,
- TIBCO LogLogic LX1035 Appliance 0.0.005,
- TIBCO LogLogic LX4035 Appliance 0.0.005,
- TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004,
- TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004,
- TIBCO LogLogic ST2035-SAN Appliance 0.0.005,
- TIBCO LogLogic ST4025R1 Appliance 0.0.004,
- TIBCO LogLogic ST4025R2 Appliance 0.0.004, or
- TIBCO LogLogic ST4035 Appliance 0.0.005
You can obtain both LMI 6.3.0 and 6.2.1_02 from https://edelivery.tibco.com. To find 6.2.1_02 you must search by a specific hardware model such as "ST1025" then expand the 6.2.1 product entry. The search is not case-sensitive. The 6.2.1_02 patch will not be listed under the LMI EVA product entries.
Additional Information
http://www.tibco.com/services/support/advisories
CVE-2019-11207
CVE-2019-11207
Feedback
Yes
No
Powered by
