SB2019091911 - Multiple vulnerabilities in TIBCO Enterprise Runtime and Spotfire
Published: September 19, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2019-11211)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to unspecified error. A remote authenticated attacker can execute arbitrary code on the target system.
2) Input validation error (CVE-ID: CVE-2019-11210)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to unspecified error. A remote unauthenticated attacker can execute arbitrary code on the target system and gain full control of the operating system account hosting the affected component.
Remediation
Install update from vendor's website.
References
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211
- https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210