Lucene search

[email protected]CVE-2019-11211

HistorySep 18, 2019 - 11:15 p.m.

CVE-2019-11211

2019-09-1823:15:10

[email protected]

web.nvd.nist.gov

142

tibco

software inc.

enterprise runtime

server edition

spotfire analytics

aws marketplace

cve-2019-11211

nvd

security

vulnerability

remote code execution

linux

terr service

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.6%

JSON

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.

Affected configurations

NVD

Node

tibcoenterprise_runtime_for_rRange≤1.2.0server

tibcospotfire_analytics_platform_for_awsMatch10.4.0

tibcospotfire_analytics_platform_for_awsMatch10.5.0

CPENameOperatorVersion
tibco:enterprise_runtime_for_rtibco enterprise runtime for rle1.2.0
tibco:spotfire_analytics_platform_for_awstibco spotfire analytics platform for awseq10.4.0
tibco:spotfire_analytics_platform_for_awstibco spotfire analytics platform for awseq10.5.0

CPE	Name	Operator	Version
tibco:enterprise_runtime_for_r	tibco enterprise runtime for r	le	1.2.0
tibco:spotfire_analytics_platform_for_aws	tibco spotfire analytics platform for aws	eq	10.4.0
tibco:spotfire_analytics_platform_for_aws	tibco spotfire analytics platform for aws	eq	10.5.0

CNA Affected

[
  {
    "product": "TIBCO Enterprise Runtime for R - Server Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "1.2.0 and below"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "10.4.0"
      },
      {
        "status": "affected",
        "version": "10.5.0"
      }
    ]
  }
]

References

www.tibco.com/services/support/advisories

www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.6%

JSON

Related for CVE-2019-11211

cvelist1 nvd1 tibco1 prion1