Is CVE-2019-11211 actively exploited?

CVE-2019-11211 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2019-11211?

CVE-2019-11211 has a CVSS score of 9.9 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2019-11211?

Patch guidance is available from tibco security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2019-11211.

Fix CVE-2019-11211 - CRITICAL tibco enterprise runtime for r

Q: Which products are affected by CVE-2019-11211?

3 products: tibco enterprise runtime for r, tibco spotfire analytics platform for aws, tibco spotfire analytics platform for aws.

Description

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: NVD-CWE-noinfo

Metadata

Primary Vendor: TIBCO
Published: 9/18/2019
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

tibco : enterprise_runtime_for_rtibco : spotfire_analytics_platform_for_awstibco : spotfire_analytics_platform_for_aws

Remediation Guidance

Executive Summary

View on NIST NVD