CVE-2019-11210 — Enterprise Runtime FOR R vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

2.8%

top 13.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Enterprise Runtime FOR R Tibco Software INC Tibco Enterprise Runtime FOR R Server Edition Tibco Software INC Tibco Spotfire Analytics Platform FOR AWS Marketplace +1 more

Timeline

PublishedSep 18

Latest updateMay 24

Description

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace v…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages4 packages

▶CVEListV5tibco_software_inc/tibco_enterprise_runtime_for_r_server_edition1.2.0 and below

▶CVEListV5tibco_software_inc/tibco_spotfire_analytics_platform_for_aws_marketplace10.4.0, 10.5.0+1

▶NVDtibco/spotfire_analytics_platform10.4.0, 10.5.0+1

▶NVDtibco/enterprise_runtime1.2.0

🔴Vulnerability Details

GHSA

GHSA-g2pq-36f3-2p66: The server component of TIBCO Software Inc↗2022-05-24

▶

CVEList

TIBCO Enterprise Runtime for R Server Exposes Remote Code Execution↗2019-09-18

▶