CVE-2019-11210
TIBCO Enterprise Runtime for R Server Exposes Remote Code Execution
In short
TIBCO Enterprise Runtime for R Server has a critical flaw that lets anyone, without logging in, run malicious code on the server using the account that runs the application. This could give attackers complete control of the system.
Technical detail
An unauthenticated remote attacker can bypass access controls on TIBCO Enterprise Runtime for R - Server Edition (≤1.2.0) and TIBCO Spotfire Analytics Platform for AWS Marketplace (10.4.0, 10.5.0) to achieve arbitrary code execution with privileges of the hosting OS account. The vulnerability requires network access to the affected service but no prior credentials or user interaction.
Summary generated and translated by AI from the official description.
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
TIBCO Software Inc. · TIBCO Enterprise Runtime for R - Server Edition
TIBCO Software Inc. · TIBCO Spotfire Analytics Platform for AWS Marketplace