TIBCO Enterprise Runtime for R Server Exposes Remote Code Execution
CVE-2019-11210

10CRITICAL

Key Information:

Vendor: Tibco
Status: Tibco Enterprise Runtime For R - Server Edition; Tibco Spotfire Analytics Platform For Aws Marketplace
Vendor: CVE Published:; 18 September 2019

Summary

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.

Affected Version(s)

TIBCO Enterprise Runtime for R - Server Edition 1.2.0 and below

TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0

TIBCO Spotfire Analytics Platform for AWS Marketplace 10.5.0

References

http://www.tibco.com/services/support/advisories

x_refsource_MISC

https://www.tibco.com/support/advisories/2019/09/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 18, 2019
Vulnerability Reserved
Apr 12, 2019

Collectors

NVD DatabaseMitre Database