CVE-2019-11210
CRITICALTIBCO Enterprise Runtime for R - Server Edition <1.2.0 - Auth Bypass
Title source: llmDescription
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
http://www.tibco.com/services/support/advisories
Vendor Advisory x_refsource_confirm
https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210
Scores
CVSS v3
10.0
EPSS
0.0282
EPSS Percentile
86.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
Status
published
Products (3)
tibco/enterprise_runtime_for_r
< 1.2.0
tibco/spotfire_analytics_platform_for_aws
10.4.0
tibco/spotfire_analytics_platform_for_aws
10.5.0
Published
Sep 18, 2019
Tracked Since
Feb 18, 2026