Vulnerability Description
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Enterprise Runtime For R | <= 1.2.0 |
| Tibco | Spotfire Analytics Platform For Aws | 10.4.0 |
References
- http://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-septembVendor Advisory
- http://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-septembVendor Advisory
FAQ
What is CVE-2019-11210?
CVE-2019-11210 is a vulnerability with a CVSS score of 10.0 (CRITICAL). The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically all...
How severe is CVE-2019-11210?
CVE-2019-11210 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-11210?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Enterprise Runtime For R, Tibco Spotfire Analytics Platform For Aws.