high
8.8
CWE
79 352
Advisory Published
Updated

CVE-2019-11207: TIBCO LogLogic Log Management Intelligence Multiple Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Vulnerabilities

First published: Tue Aug 13 2019(Updated: )

The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below.

Credit: security@tibco.com

Affected SoftwareAffected VersionHow to fix
TIBCO LogLogic Enterprise Virtual Appliance<=6.2.1
TIBCO LogLogic Log Management Intelligence<=6.2.1
Tibco Loglogic Lx825 Firmware=0.0.004
TIBCO LogLogic LX825
Tibco Loglogic Lx4025 Firmware=0.0.004
TIBCO LogLogic LX4025 R2
Tibco Loglogic Mx3025 Firmware=0.0.004
TIBCO LogLogic MX3025
TIBCO LogLogic MX4025=0.0.004
TIBCO LogLogic MX4025
Tibco Loglogic ST1025 Firmware=0.0.004
TIBCO LogLogic ST1025
Tibco Loglogic ST2025-san Firmware=0.0.004
TIBCO LogLogic ST2025-SANR2
Tibco Loglogic ST4025 Firmware=0.0.004
TIBCO LogLogic ST4025R1
Tibco Loglogic Lx1025 Firmware=0.0.004
TIBCO LogLogic LX1025R2
Tibco Loglogic Lx1035 Firmware=0.0.005
TIBCO LogLogic LX1035
Tibco Loglogic Lx1025r1 Firmware=0.0.004
TIBCO LogLogic
Tibco Loglogic Lx1025r2 Firmware=0.0.004
TIBCO LogLogic
Tibco Loglogic Lx4025r1 Firmware=0.0.004
TIBCO LogLogic LX4025
Tibco LogLogic LX4025 R2=0.0.004
TIBCO LogLogic LX4025
Tibco Loglogic Lx4035 Firmware=0.0.005
TIBCO LogLogic LX4035
TIBCO LogLogic ST2025-SANR1=0.0.004
TIBCO LogLogic ST2025-SANR1
Tibco Loglogic ST2025-sanr2 Firmware=0.0.004
TIBCO LogLogic ST2025-SANR2
Tibco Loglogic ST2035-san Firmware=0.0.005
TIBCO LogLogic ST2035-SAN
Tibco Loglogic St4025 Firmware=0.0.004
TIBCO LogLogic
Tibco Loglogic ST4025 Firmware=0.0.004
TIBCO LogLogic ST4025R2
Tibco Loglogic ST4035 Firmware=0.0.005
TIBCO LogLogic ST4035

Remedy

TIBCO has released updated versions of the affected systems which address these issues. TIBCO LogLogic Enterprise Virtual Appliance versions 6.2.1 and below update to version 6.3.0 or higher. TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below update to version 6.3.0 or higher. Appliances TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below update to 6.2.1_02 or higher compatible version (below 6.3.0). Appliances TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below update to 6.3.0 or higher.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2019-11207?

    The severity of CVE-2019-11207 is classified as High, indicating a significant potential impact.

  • How do I fix CVE-2019-11207?

    To fix CVE-2019-11207, upgrade the TIBCO LogLogic Enterprise Virtual Appliance and TIBCO LogLogic Log Management Intelligence to version 6.2.2 or later.

  • What types of attacks are associated with CVE-2019-11207?

    CVE-2019-11207 is associated with persistent and reflected cross-site scripting (XSS) attacks, which can compromise user sessions.

  • Which versions of TIBCO software are affected by CVE-2019-11207?

    The affected versions for CVE-2019-11207 include TIBCO LogLogic Enterprise Virtual Appliance and TIBCO LogLogic Log Management Intelligence up to version 6.2.1.

  • What is the impact of exploiting CVE-2019-11207?

    Exploiting CVE-2019-11207 can lead to unauthorized access, manipulation of user data, and potential data theft.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203