Security Advisory regarding TIBCO Data Virtualization

Article ID: KB0108034

Products Versions
TIBCO Data Virtualization 7.0.8 and below, 8.0.0, 8.1.0, 8.1.1, and 8.2.0

Description

TIBCO Data Virtualization

  Original release date: August 18, 2020
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains a vulnerability that theoretically allows
  a malicious authenticated user to download any arbitrary file from the
  affected system. The user must be authenticated and have privileges required
  to monitor the server in an operational capacity.


Impact

  The impact of this vulnerability includes the theoretical possibility that
  a malicious user could exfiltrate any data file on the affected system. The
  malicious user cannot modify or delete any files on the affected system with
  this vulnerability.

  CVSS v3 Base Score: 5.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

Issue/Introduction

Security Advisory regarding TIBCO Data Virtualization

Environment

Systems Affected

  TIBCO Data Virtualization versions 7.0.8 and below
  TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0
  TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below

  The following component is affected:

  * TIBCO Data Virtualization Server

Resolution

Solution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Data Virtualization versions 7.0.8 and below update to version 7.0.9
    or higher
  TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 update to
    version 8.3.0 or higher

  TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below
    update to version 8.3.0 or higher

Additional Information

References

  http://www.tibco.com/services/support/advisories
  CVE-2020-9415