TIBCO Enterprise Runtime for R Server Running On Linux With Containerized TERR Service Vulnerable To Remote Code Execution
A vulnerability in TIBCO's R Server component allows an authenticated user to execute malicious code remotely on Linux systems running the containerized TERR service. This could give attackers full control over the affected server.
The server component of TIBCO Enterprise Runtime for R - Server Edition (versions ≤1.2.0) and TIBCO Spotfire Analytics Platform for AWS Marketplace (versions 10.4.0 and 10.5.0) contains an improper input validation flaw in the containerized TERR service on Linux. An authenticated attacker can exploit this to achieve remote code execution with the privileges of the container runtime. The vulnerability is exploitable only with prior authentication and a specific deployment configuration (containerized TERR on Linux).