Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-9415

The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.

Published

2020-08-18T19:15:14.173

Last Modified

2024-11-21T05:40:35.800

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tibco	data_virtualization	≤ 7.0.8	Yes
Application	tibco	data_virtualization	8.0.0	Yes
Application	tibco	data_virtualization	8.1.0	Yes
Application	tibco	data_virtualization	8.1.1	Yes
Application	tibco	data_virtualization	8.2.0	Yes
Application	tibco	data_virtualization_for_aws_marketplace	≤ 8.2.0	Yes

References

http://www.tibco.com/services/support/advisories Vendor Advisory ([email protected])
https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization Vendor Advisory ([email protected])
http://www.tibco.com/services/support/advisories Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)