What is the severity of CVE-2019-11210?

CVE-2019-11210 has a severity rating of critical.

How can an unauthenticated user exploit CVE-2019-11210?

An unauthenticated user can exploit CVE-2019-11210 to bypass access controls and remotely execute code.

Which versions of TIBCO Enterprise Runtime for R are affected by CVE-2019-11210?

CVE-2019-11210 affects TIBCO Enterprise Runtime for R 1.2.0.

Which versions of TIBCO Spotfire Analytics Platform for AWS are affected by CVE-2019-11210?

CVE-2019-11210 affects TIBCO Spotfire Analytics Platform for AWS 10.4.0 and 10.5.0.

How do I fix CVE-2019-11210?

To fix CVE-2019-11210, users should apply the necessary security patches provided by TIBCO Software Inc.

Vulnerability/
CVE-2019-11210

critical

18/9/2019

16/9/2024

CVE-2019-11210: TIBCO Enterprise Runtime for R Server Exposes Remote Code Execution

Q: What is CVE-2019-11210?

CVE-2019-11210 is a vulnerability in TIBCO Enterprise Runtime for R - Server Edition and TIBCO Spotfire Analytics Platform.

First published: Wed Sep 18 2019(Updated: )

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.

Credit: security@tibco.com

Affected Software	Affected Version	How to fix
TIBCO Enterprise Runtime for R	<=1.2.0
TIBCO Spotfire Analytics Platform for AWS	=10.4.0
TIBCO Spotfire Analytics Platform for AWS	=10.5.0

Remedy

TIBCO has released updated versions of the affected systems which address these issues. TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below update to version 1.2.1 or higher TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0 update to version 10.5.1 or higher To temporarily remediate this vulnerability, the machine hosting the affected component can be protected via a properly configured firewall. Use a configuration that limits access to only the TIBCO Spotfire Server and the TIBCO Spotfire Web Player.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-11210?
CVE-2019-11210 is a vulnerability in TIBCO Enterprise Runtime for R - Server Edition and TIBCO Spotfire Analytics Platform.
What is the severity of CVE-2019-11210?
CVE-2019-11210 has a severity rating of critical.
How can an unauthenticated user exploit CVE-2019-11210?
An unauthenticated user can exploit CVE-2019-11210 to bypass access controls and remotely execute code.
Which versions of TIBCO Enterprise Runtime for R are affected by CVE-2019-11210?
CVE-2019-11210 affects TIBCO Enterprise Runtime for R 1.2.0.
Which versions of TIBCO Spotfire Analytics Platform for AWS are affected by CVE-2019-11210?
CVE-2019-11210 affects TIBCO Spotfire Analytics Platform for AWS 10.4.0 and 10.5.0.
How do I fix CVE-2019-11210?
To fix CVE-2019-11210, users should apply the necessary security patches provided by TIBCO Software Inc.

collector/nvd-index
agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/last-modified-date
agent/severity
agent/remedy
agent/author
agent/description
agent/tags
agent/first-publish-date
agent/event
vendor/tibco
canonical/tibco enterprise runtime for r
version/tibco enterprise runtime for r/1.2.0
canonical/tibco spotfire analytics platform for aws
version/tibco spotfire analytics platform for aws/10.4.0
version/tibco spotfire analytics platform for aws/10.5.0