CVE-2019-11211 CRITICAL

CVE-2019-11211: TIBCO Enterprise Runtime for R Server Running On Linux With Containerized TERR Service Vulnerable To Remote Code Execution

Vendor Tibco Software Inc.
Product TIBCO Enterprise Runtime for R - Server Edition
Published September 18, 2019
Last update September 17, 2024

CVSS base score

9.9/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.

Key dates

02Disclosure timeline

September 18, 2019 CVE published
September 17, 2024 Record updated