CVE-2021-35500
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Data Virtualization | unspecified <= 8.3.0 | affected |
| TIBCO Software Inc. | TIBCO Data Virtualization | 8.4.0 | affected |
| TIBCO Software Inc. | TIBCO Data Virtualization | 8.5.0 | affected |
| TIBCO Software Inc. | TIBCO Data Virtualization for AWS Marketplace | unspecified <= 8.5.0 | affected |
Weaknesses
- Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system.
ADP Enrichment
CVE Program Container
Additional References
- https://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500
References
- https://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.