cbcvebase.
CVE-2019-11210
published 2019-09-18

CVE-2019-11210: The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace…

Priority P268 | critical | 10 | CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 3.66% (88.2th percentile)
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.

Affected

6 ranges
Vendor | Product | Version range | Fixed in
tibco | enterprise_runtime_for_r | <= 1.2.0 |
tibco | spotfire_analytics_platform_for_aws | |
tibco | spotfire_analytics_platform_for_aws | |
tibco_software_inc | tibco_enterprise_runtime_for_r_server_edition | |
tibco_software_inc | tibco_spotfire_analytics_platform_for_aws_marketplace | |
tibco_software_inc | tibco_spotfire_analytics_platform_for_aws_marketplace | |

CVSS provenance

nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd | v3.0 | 10.0 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C