CVE-2020-9415

Summary

The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO Data Virtualizationunspecified <= 7.0.8affected
TIBCO Software Inc.TIBCO Data Virtualization8.0.0affected
TIBCO Software Inc.TIBCO Data Virtualization8.1.0affected
TIBCO Software Inc.TIBCO Data Virtualization8.1.1affected
TIBCO Software Inc.TIBCO Data Virtualization8.2.0affected
TIBCO Software Inc.TIBCO Data Virtualization for AWS Marketplaceunspecified <= 8.2.0affected

Weaknesses

  • The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability.

ADP Enrichment

CVE Program Container

Additional References

References