CVE-2019-11210
published 2019-09-18CVE-2019-11210: The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace…
PriorityP268critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
3.66%
88.2th percentile
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tibco | enterprise_runtime_for_r | <= 1.2.0 | — |
| tibco | spotfire_analytics_platform_for_aws | — | — |
| tibco | spotfire_analytics_platform_for_aws | — | — |
| tibco_software_inc | tibco_enterprise_runtime_for_r_server_edition | — | — |
| tibco_software_inc | tibco_spotfire_analytics_platform_for_aws_marketplace | — | — |
| tibco_software_inc | tibco_spotfire_analytics_platform_for_aws_marketplace | — | — |
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv3.010.0CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.tibco.com/services/support/advisorieshttps://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210http://www.tibco.com/services/support/advisorieshttps://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210
2019-09-18
Published