Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-11211

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.

Published

2019-09-18T23:15:10.923

Last Modified

2024-11-21T04:20:44.133

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.9 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tibco	enterprise_runtime_for_r	≤ 1.2.0	Yes
Application	tibco	spotfire_analytics_platform_for_aws	10.4.0	Yes
Application	tibco	spotfire_analytics_platform_for_aws	10.5.0	Yes

References

http://www.tibco.com/services/support/advisories Vendor Advisory ([email protected])
https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211 Vendor Advisory ([email protected])
http://www.tibco.com/services/support/advisories Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)