PT-2019-12189 · Tibco · Tibco Spotfire Analytics Platform For Aws Marketplace
Published: 2019-09-18 · Updated: 2020-08-24 · CVE-2019-11211
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below
TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0
Description
The issue theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux, the host can theoretically be tricked into running malicious code.
Recommendations
For TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, update to a version above 1.2.0 to resolve the issue.
For TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0, consider restricting access to the TERR service on Linux until a patch is available.
Affected Products
Linux
Terr
Tibco Enterprise Runtime For R - Server Edition
Tibco Spotfire Analytics Platform For Aws Marketplace