Security Advisory Regarding TIBCO Data Virtualization


Article ID: KB0107991

Product: TIBCO Data Virtualization
Versions: 8.3.0 and below, 8.4.0, 8.5.0

Description

TIBCO Data Virtualization Arbitrary File Download vulnerability

  Original release date: December 15, 2021
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains a difficult-to-exploit vulnerability that
  allows a low-privileged attacker with local access to download arbitrary files
  outside of the scope of the user's permissions on the affected system.

Impact

  Successful execution of this vulnerability can result in unauthorized read
  access to all files on the affected system.

  CVSS v3 Base Score: 6.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)

Environment

Products Affected

  TIBCO Data Virtualization versions 8.3.0 and below
  TIBCO Data Virtualization version 8.4.0
  TIBCO Data Virtualization version 8.5.0
  TIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below

  The following component is affected:

  * Data Virtualization Server

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Data Virtualization versions 8.3.0 and below: update to version 8.3.1
    or later

  TIBCO Data Virtualization version 8.4.0: update to version 8.4.1 or later

  TIBCO Data Virtualization version 8.5.0: update to version 8.5.1 or later

  TIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below:
    update to version 8.5.1 or later
 

Issue/Introduction

Security Advisory Regarding TIBCO Data Virtualization Arbitrary File Download vulnerability

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2021-35500