CVE-2021-35500: TIBCO Data Virtualization Arbitrary File Download vulnerability
First published: Wed Jan 12 2022(Updated: )
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.
Credit: security@tibco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TIBCO Data Virtualization | <=8.3.0 | |
| TIBCO Data Virtualization | =8.4.0 | |
| TIBCO Data Virtualization | =8.5.0 | |
| TIBCO Data Virtualization for AWS Marketplace | <=8.5.0 |
Remedy
TIBCO has released updated versions of the affected components which address these issues. TIBCO Data Virtualization versions 8.3.0 and below update to version 8.3.1 or later TIBCO Data Virtualization version 8.4.0 update to version 8.4.1 or later TIBCO Data Virtualization version 8.5.0 update to version 8.5.1 or later TIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below update to version 8.5.1 or later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-35500?
CVE-2021-35500 is a vulnerability in the Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace.
What is the severity of CVE-2021-35500?
The severity of CVE-2021-35500 is medium with a CVSS score of 5.5.
Who is affected by CVE-2021-35500?
The vulnerability affects TIBCO Data Virtualization versions 8.3.0, 8.4.0, 8.5.0, and TIBCO Data Virtualization for AWS Marketplace up to version 8.5.0.
How can an attacker exploit CVE-2021-35500?
An attacker with low privileged local access can exploit CVE-2021-35500, although it is considered difficult to exploit.
How can I fix CVE-2021-35500?
To address CVE-2021-35500, it is recommended to update to the latest version of TIBCO Data Virtualization or TIBCO Data Virtualization for AWS Marketplace.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/title
- agent/author
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/tibco
- canonical/tibco data virtualization
- version/tibco data virtualization/8.3.0
- version/tibco data virtualization/8.4.0
- version/tibco data virtualization/8.5.0
- canonical/tibco data virtualization for aws marketplace
- version/tibco data virtualization for aws marketplace/8.5.0