SB2019091911 - Multiple vulnerabilities in TIBCO Enterprise Runtime and Spotfire

Description

This security bulletin contains information about 2 vulnerabilities.

1) Input validation error (CVE-ID: CVE-2019-11211)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to unspecified error. A remote authenticated attacker can execute arbitrary code on the target system.

2) Input validation error (CVE-ID: CVE-2019-11210)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to unspecified error. A remote unauthenticated attacker can execute arbitrary code on the target system and gain full control of the operating system account hosting the affected component.

Remediation

Install update from vendor's website.

References

• http://www.tibco.com/services/support/advisories
• https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211
• https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210