TIBCO Enterprise Runtime for R Server Exposes Remote Code Execution
CVE-2019-11210

10CRITICAL

Key Information:

Vendor

Tibco
Status
Tibco Enterprise Runtime For R - Server Edition
Tibco Spotfire Analytics Platform For Aws Marketplace
Vendor
CVE Published:
18 September 2019

What is CVE-2019-11210?

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

TIBCO Enterprise Runtime for R - Server Edition 1.2.0 and below

TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0

TIBCO Spotfire Analytics Platform for AWS Marketplace 10.5.0

References

http://www.tibco.com/services/support/advisories
x_refsource_MISC
https://www.tibco.com/support/advisories/2019/09/tibco-se...
x_refsource_CONFIRM

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

CVSS V3.0

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.