Security Notice for TIBCO Data Virtualization versions up to 8.3

Article ID: KB0108009

Products: TIBCO Data Virtualization
Versions: Up to 8.3

Description

This notice is to inform you that a security issue has been discovered in TIBCO Data Virtualization versions up to 8.3. This issue is addressed in TIBCO Data Virtualization 8.3 Hotfix 5 and above. The current version of TIBCO Data Virtualization 8.3 is Hotfix 8. No version of 8.4 is impacted.

TIBCO Data Virtualization versions prior to 8.3 Hotfix 5 are vulnerable to CVE-2016-2510. This is a Java deserialization vulnerability in a third-party component (BeanShell) that can be used to achieve remote code execution (RCE) in the monitoring component of TIBCO Data Virtualization.

Environment

All

Resolution

It is recommended that all customers upgrade to at least version 8.3 Hotfix 5 or version 8.4.

As of TIBCO Data Virtualization version 8.3 Hotfix 5, the TIBCO Data Virtualization Monitor component, which contained the third-party component, was removed from the distribution, thereby eliminating this vulnerability.

Issue/Introduction

Security Notice for TIBCO Data Virtualization versions up to 8.3

Additional Information

CVE Record Details - CVE-2016-2510