Search criteria
6 vulnerabilities found for data_virtualization_for_aws_marketplace by tibco
CVE-2022-30570 (GCVE-0-2022-30570)
Vulnerability from nvd – Published: 2022-07-19 17:50 – Updated: 2024-09-16 18:18
VLAI
Title
TIBCO Data Virtualization Access Control Vulnerability
Summary
The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below.
Severity
6.5 (Medium)
CWE
- Successful execution of this vulnerability can result in unauthorized read access to application information on the affected system.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
| https://www.tibco.com/support/advisories/2022/06/… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Data Virtualization |
Affected:
unspecified , ≤ 8.5.2
(custom)
|
|
| TIBCO Software Inc. | TIBCO Data Virtualization for AWS Marketplace |
Affected:
unspecified , ≤ 8.5.2
(custom)
|
Date Public
2022-07-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Data Virtualization",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Data Virtualization for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Column Based Security component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability can result in unauthorized read access to application information on the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-19T18:06:21.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.5.2 and below: update to version 8.5.3 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.2 and below: update to version 8.6.0 or later"
}
],
"source": {
"discovery": "Internal"
},
"title": "TIBCO Data Virtualization Access Control Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-07-19T17:00:00Z",
"ID": "CVE-2022-30570",
"STATE": "PUBLIC",
"TITLE": "TIBCO Data Virtualization Access Control Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.2"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Column Based Security component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability can result in unauthorized read access to application information on the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.5.2 and below: update to version 8.5.3 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.2 and below: update to version 8.6.0 or later"
}
],
"source": {
"discovery": "Internal"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-30570",
"datePublished": "2022-07-19T17:50:10.149Z",
"dateReserved": "2022-05-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:18:20.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35500 (GCVE-0-2021-35500)
Vulnerability from nvd – Published: 2022-01-12 18:40 – Updated: 2024-09-16 16:18
VLAI
Title
TIBCO Data Virtualization Arbitrary File Download vulnerability
Summary
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.
Severity
6.3 (Medium)
CWE
- Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
| https://www.tibco.com/support/advisories/2022/01/… | x_refsource_CONFIRM |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Data Virtualization |
Affected:
unspecified , ≤ 8.3.0
(custom)
|
|
| TIBCO Software Inc. | TIBCO Data Virtualization |
Affected:
8.4.0
|
|
| TIBCO Software Inc. | TIBCO Data Virtualization |
Affected:
8.5.0
|
|
| TIBCO Software Inc. | TIBCO Data Virtualization for AWS Marketplace |
Affected:
unspecified , ≤ 8.5.0
(custom)
|
Date Public
2022-01-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:46.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Data Virtualization",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Data Virtualization",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.4.0"
}
]
},
{
"product": "TIBCO Data Virtualization",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.5.0"
}
]
},
{
"product": "TIBCO Data Virtualization for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user\u0027s permissions on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-12T19:06:22.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.3.0 and below update to version 8.3.1 or later\nTIBCO Data Virtualization version 8.4.0 update to version 8.4.1 or later\nTIBCO Data Virtualization version 8.5.0 update to version 8.5.1 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below update to version 8.5.1 or later"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO Data Virtualization Arbitrary File Download vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-01-12T17:00:00Z",
"ID": "CVE-2021-35500",
"STATE": "PUBLIC",
"TITLE": "TIBCO Data Virtualization Arbitrary File Download vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.3.0"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.4.0"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.0"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user\u0027s permissions on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.3.0 and below update to version 8.3.1 or later\nTIBCO Data Virtualization version 8.4.0 update to version 8.4.1 or later\nTIBCO Data Virtualization version 8.5.0 update to version 8.5.1 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below update to version 8.5.1 or later"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-35500",
"datePublished": "2022-01-12T18:40:11.398Z",
"dateReserved": "2021-06-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:18:36.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9415 (GCVE-0-2020-9415)
Vulnerability from nvd – Published: 2020-08-18 18:50 – Updated: 2024-09-16 17:04
VLAI
Title
TIBCO Data Virtualization
Summary
The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.
Severity
5.3 (Medium)
CWE
- The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability.
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
| https://www.tibco.com/support/advisories/2020/08/… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Data Virtualization |
Affected:
unspecified , ≤ 7.0.8
(custom)
Affected: 8.0.0 Affected: 8.1.0 Affected: 8.1.1 Affected: 8.2.0 |
|
| TIBCO Software Inc. | TIBCO Data Virtualization for AWS Marketplace |
Affected:
unspecified , ≤ 8.2.0
(custom)
|
Date Public
2020-08-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Data Virtualization",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.0.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.1.0"
},
{
"status": "affected",
"version": "8.1.1"
},
{
"status": "affected",
"version": "8.2.0"
}
]
},
{
"product": "TIBCO Data Virtualization for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-18T19:06:03.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\n TIBCO Data Virtualization versions 7.0.8 and below update to version 7.0.9 or higher\n TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 update to version 8.3.0 or higher\n TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below update to version 8.3.0 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO Data Virtualization",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2020-08-18T17:00:00Z",
"ID": "CVE-2020-9415",
"STATE": "PUBLIC",
"TITLE": "TIBCO Data Virtualization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.0.8"
},
{
"version_affected": "=",
"version_value": "8.0.0"
},
{
"version_affected": "=",
"version_value": "8.1.0"
},
{
"version_affected": "=",
"version_value": "8.1.1"
},
{
"version_affected": "=",
"version_value": "8.2.0"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\n TIBCO Data Virtualization versions 7.0.8 and below update to version 7.0.9 or higher\n TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 update to version 8.3.0 or higher\n TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below update to version 8.3.0 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2020-9415",
"datePublished": "2020-08-18T18:50:11.750Z",
"dateReserved": "2020-02-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:04:04.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30570 (GCVE-0-2022-30570)
Vulnerability from cvelistv5 – Published: 2022-07-19 17:50 – Updated: 2024-09-16 18:18
VLAI
Title
TIBCO Data Virtualization Access Control Vulnerability
Summary
The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below.
Severity
6.5 (Medium)
CWE
- Successful execution of this vulnerability can result in unauthorized read access to application information on the affected system.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
| https://www.tibco.com/support/advisories/2022/06/… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Data Virtualization |
Affected:
unspecified , ≤ 8.5.2
(custom)
|
|
| TIBCO Software Inc. | TIBCO Data Virtualization for AWS Marketplace |
Affected:
unspecified , ≤ 8.5.2
(custom)
|
Date Public
2022-07-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Data Virtualization",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Data Virtualization for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Column Based Security component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability can result in unauthorized read access to application information on the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-19T18:06:21.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.5.2 and below: update to version 8.5.3 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.2 and below: update to version 8.6.0 or later"
}
],
"source": {
"discovery": "Internal"
},
"title": "TIBCO Data Virtualization Access Control Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-07-19T17:00:00Z",
"ID": "CVE-2022-30570",
"STATE": "PUBLIC",
"TITLE": "TIBCO Data Virtualization Access Control Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.2"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Column Based Security component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability can result in unauthorized read access to application information on the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.5.2 and below: update to version 8.5.3 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.2 and below: update to version 8.6.0 or later"
}
],
"source": {
"discovery": "Internal"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-30570",
"datePublished": "2022-07-19T17:50:10.149Z",
"dateReserved": "2022-05-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:18:20.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35500 (GCVE-0-2021-35500)
Vulnerability from cvelistv5 – Published: 2022-01-12 18:40 – Updated: 2024-09-16 16:18
VLAI
Title
TIBCO Data Virtualization Arbitrary File Download vulnerability
Summary
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.
Severity
6.3 (Medium)
CWE
- Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
| https://www.tibco.com/support/advisories/2022/01/… | x_refsource_CONFIRM |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Data Virtualization |
Affected:
unspecified , ≤ 8.3.0
(custom)
|
|
| TIBCO Software Inc. | TIBCO Data Virtualization |
Affected:
8.4.0
|
|
| TIBCO Software Inc. | TIBCO Data Virtualization |
Affected:
8.5.0
|
|
| TIBCO Software Inc. | TIBCO Data Virtualization for AWS Marketplace |
Affected:
unspecified , ≤ 8.5.0
(custom)
|
Date Public
2022-01-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:46.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Data Virtualization",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Data Virtualization",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.4.0"
}
]
},
{
"product": "TIBCO Data Virtualization",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.5.0"
}
]
},
{
"product": "TIBCO Data Virtualization for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user\u0027s permissions on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-12T19:06:22.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.3.0 and below update to version 8.3.1 or later\nTIBCO Data Virtualization version 8.4.0 update to version 8.4.1 or later\nTIBCO Data Virtualization version 8.5.0 update to version 8.5.1 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below update to version 8.5.1 or later"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO Data Virtualization Arbitrary File Download vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-01-12T17:00:00Z",
"ID": "CVE-2021-35500",
"STATE": "PUBLIC",
"TITLE": "TIBCO Data Virtualization Arbitrary File Download vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.3.0"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.4.0"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.0"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.5.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user\u0027s permissions on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.3.0 and below update to version 8.3.1 or later\nTIBCO Data Virtualization version 8.4.0 update to version 8.4.1 or later\nTIBCO Data Virtualization version 8.5.0 update to version 8.5.1 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below update to version 8.5.1 or later"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-35500",
"datePublished": "2022-01-12T18:40:11.398Z",
"dateReserved": "2021-06-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:18:36.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9415 (GCVE-0-2020-9415)
Vulnerability from cvelistv5 – Published: 2020-08-18 18:50 – Updated: 2024-09-16 17:04
VLAI
Title
TIBCO Data Virtualization
Summary
The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.
Severity
5.3 (Medium)
CWE
- The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability.
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
| https://www.tibco.com/support/advisories/2020/08/… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Data Virtualization |
Affected:
unspecified , ≤ 7.0.8
(custom)
Affected: 8.0.0 Affected: 8.1.0 Affected: 8.1.1 Affected: 8.2.0 |
|
| TIBCO Software Inc. | TIBCO Data Virtualization for AWS Marketplace |
Affected:
unspecified , ≤ 8.2.0
(custom)
|
Date Public
2020-08-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Data Virtualization",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.0.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.1.0"
},
{
"status": "affected",
"version": "8.1.1"
},
{
"status": "affected",
"version": "8.2.0"
}
]
},
{
"product": "TIBCO Data Virtualization for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-18T19:06:03.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\n TIBCO Data Virtualization versions 7.0.8 and below update to version 7.0.9 or higher\n TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 update to version 8.3.0 or higher\n TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below update to version 8.3.0 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO Data Virtualization",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2020-08-18T17:00:00Z",
"ID": "CVE-2020-9415",
"STATE": "PUBLIC",
"TITLE": "TIBCO Data Virtualization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.0.8"
},
{
"version_affected": "=",
"version_value": "8.0.0"
},
{
"version_affected": "=",
"version_value": "8.1.0"
},
{
"version_affected": "=",
"version_value": "8.1.1"
},
{
"version_affected": "=",
"version_value": "8.2.0"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\n TIBCO Data Virtualization versions 7.0.8 and below update to version 7.0.9 or higher\n TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 update to version 8.3.0 or higher\n TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below update to version 8.3.0 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2020-9415",
"datePublished": "2020-08-18T18:50:11.750Z",
"dateReserved": "2020-02-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:04:04.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}