CVE-2019-11207

Published: Aug 13, 2019Modified: Jun 17, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below.

Affected (22)

Tibco

22 products

Loglogic Enterprise Virtual Appliance

Loglogic Log Management Intelligence

Loglogic Lx825 Firmware

Loglogic Lx4025 Firmware

Loglogic Mx3025 Firmware

Loglogic Mx4025 Firmware

Loglogic St1025 Firmware

Loglogic St2025 San Firmware

Loglogic St4025 Firmware

Loglogic Lx1025 Firmware

Loglogic Lx1035 Firmware

Loglogic Lx1025r1 Firmware

Loglogic Lx1025r2 Firmware

Loglogic Lx4025r1 Firmware

Loglogic Lx4025r2 Firmware

Loglogic Lx4035 Firmware

Loglogic St2025 Sanr1 Firmware

Loglogic St2025 Sanr2 Firmware

Loglogic St2035 San Firmware

Loglogic St4025r1 Firmware

Loglogic St4025r2 Firmware

Loglogic St4035 Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Tibco Loglogic Enterprise Virtual Appliance	Up to 6.2.1
Tibco Loglogic Log Management Intelligence	Up to 6.2.1

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic Lx825 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic Lx825	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic Lx4025 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic Lx4025	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic Mx3025 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic Mx3025	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic Mx4025 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic Mx4025	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic St1025 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic St1025	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic St2025 San Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic St2025 San	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic St4025 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic St4025	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic Lx1025 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic Lx1025	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic Lx1035 Firmware	Version 0.0.005

Running on/with	Platform Versions
Tibco Loglogic Lx1035	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic Lx1025r1 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic Lx1025r1	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic Lx1025r2 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic Lx1025r2	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic Lx4025r1 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic Lx4025r1	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic Lx4025r2 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic Lx4025r2	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic Lx4035 Firmware	Version 0.0.005

Running on/with	Platform Versions
Tibco Loglogic Lx4035	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic St2025 Sanr1 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic St2025 Sanr1	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic St2025 Sanr2 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic St2025 Sanr2	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic St2035 San Firmware	Version 0.0.005

Running on/with	Platform Versions
Tibco Loglogic St2035 San	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic St4025r1 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic St4025r1	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic St4025r2 Firmware	Version 0.0.004

Running on/with	Platform Versions
Tibco Loglogic St4025r2	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tibco Loglogic St4035 Firmware	Version 0.0.005

Running on/with	Platform Versions
Tibco Loglogic St4035	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.tibco.com/services/support/advisories

Source: security@tibco.com

Vendor Advisory

https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-13-2019-tibco-loglogic-log-management-intelligence

Source: security@tibco.com

Vendor Advisory

http://www.tibco.com/services/support/advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-13-2019-tibco-loglogic-log-management-intelligence

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.