CVE Vulnerabilities

CVE-2019-11210

Published: Sep 18, 2019 | Modified: Aug 24, 2020
CVSS 3.x
10
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The server component of TIBCO Software Inc.s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.

Affected Software

Name Vendor Start Version End Version
Enterprise_runtime_for_r Tibco * 1.2.0 (including)
Spotfire_analytics_platform_for_aws Tibco 10.4.0 (including) 10.4.0 (including)
Spotfire_analytics_platform_for_aws Tibco 10.5.0 (including) 10.5.0 (including)

References