TIBCO Enterprise Runtime for R Server Running On Linux With Containerized TERR Service Vulnerable To Remote Code Execution
CVE-2019-11211

9.9CRITICAL

Key Information:

Vendor: Tibco
Status: Tibco Enterprise Runtime For R - Server Edition; Tibco Spotfire Analytics Platform For Aws Marketplace
Vendor: CVE Published:; 18 September 2019

Summary

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.

Affected Version(s)

TIBCO Enterprise Runtime for R - Server Edition 1.2.0 and below

TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0

TIBCO Spotfire Analytics Platform for AWS Marketplace 10.5.0

References

http://www.tibco.com/services/support/advisories

x_refsource_MISC

https://www.tibco.com/support/advisories/2019/09/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 18, 2019
Vulnerability Reserved
Apr 12, 2019

Collectors

NVD DatabaseMitre Database