TIBCO Data Virtualization
CVE-2020-9415

5.3MEDIUM

Key Information:

Vendor: Tibco
Status: Tibco Data Virtualization; Tibco Data Virtualization For Aws Marketplace
Vendor: CVE Published:; 18 August 2020

What is CVE-2020-9415?

The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.

Affected Version(s)

TIBCO Data Virtualization <= 7.0.8

TIBCO Data Virtualization 8.0.0

TIBCO Data Virtualization 8.1.0

References

http://www.tibco.com/services/support/advisories

x_refsource_CONFIRM

https://www.tibco.com/support/advisories/2020/08/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2020
Vulnerability Reserved
Feb 26, 2020

Tibco

What is CVE-2020-9415?

Affected Version(s)

References

CVSS V3.1

Timeline