CVE-2020-9415: TIBCO Data Virtualization
First published: Tue Aug 18 2020(Updated: )
The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.
Credit: security@tibco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TIBCO Data Virtualization | <=7.0.8 | |
| TIBCO Data Virtualization | =8.0.0 | |
| TIBCO Data Virtualization | =8.1.0 | |
| TIBCO Data Virtualization | =8.1.1 | |
| TIBCO Data Virtualization | =8.2.0 | |
| TIBCO Data Virtualization for AWS Marketplace | <=8.2.0 |
Remedy
TIBCO has released updated versions of the affected components which address these issues. TIBCO Data Virtualization versions 7.0.8 and below update to version 7.0.9 or higher TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 update to version 8.3.0 or higher TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below update to version 8.3.0 or higher
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-9415?
CVE-2020-9415 is a vulnerability in the TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace.
How does CVE-2020-9415 affect TIBCO Data Virtualization?
CVE-2020-9415 allows a malicious authenticated user to download any arbitrary file from the affected system in TIBCO Data Virtualization.
Is TIBCO Data Virtualization version 7.0.8 affected by CVE-2020-9415?
Yes, TIBCO Data Virtualization version 7.0.8 is affected by CVE-2020-9415.
How severe is CVE-2020-9415?
CVE-2020-9415 has a severity rating of medium (6.5).
How can I fix the vulnerability CVE-2020-9415?
To fix the vulnerability CVE-2020-9415, users should apply the necessary patches or updates provided by TIBCO Software Inc.
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- agent/tags
- agent/first-publish-date
- agent/description
- vendor/tibco
- canonical/tibco data virtualization
- version/tibco data virtualization/7.0.8
- version/tibco data virtualization/8.0.0
- version/tibco data virtualization/8.1.0
- version/tibco data virtualization/8.1.1
- version/tibco data virtualization/8.2.0
- canonical/tibco data virtualization for aws marketplace
- version/tibco data virtualization for aws marketplace/8.2.0