Search criteria

12 vulnerabilities found for data_virtualization by tibco

FKIE_CVE-2022-30570

Vulnerability from fkie_nvd - Published: 2022-07-19 18:15 - Updated: 2024-11-21 07:02
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below.
References
security@tibco.comhttps://www.tibco.com/services/support/advisoriesVendor Advisory
security@tibco.comhttps://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tibco.com/services/support/advisoriesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570Vendor Advisory
Impacted products
Vendor Product Version
tibco data_virtualization *
tibco data_virtualization_for_aws_marketplace *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "860D5F04-72E9-40D3-A3ED-1B3505FDA537",
              "versionEndIncluding": "8.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization_for_aws_marketplace:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB81EB83-BE2C-4D7C-8213-DC6827D85B6F",
              "versionEndIncluding": "8.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Column Based Security component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below."
    },
    {
      "lang": "es",
      "value": "El componente Column Based Security de TIBCO Software Inc.\u0027s TIBCO Data Virtualization y TIBCO Data Virtualization para AWS Marketplace contiene una vulnerabilidad f\u00e1cilmente explotable que permite a un atacante poco privilegiado y acceso a la red obtener acceso de lectura a la informaci\u00f3n de la aplicaci\u00f3n en el sistema afectado. Las versiones afectadas son TIBCO Data Virtualization de TIBCO Software Inc.: versiones 8.5.2 y anteriores y TIBCO Data Virtualization para AWS Marketplace: versiones 8.5.2 y anteriores."
    }
  ],
  "id": "CVE-2022-30570",
  "lastModified": "2024-11-21T07:02:57.040",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security@tibco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-19T18:15:11.643",
  "references": [
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/services/support/advisories"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/services/support/advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570"
    }
  ],
  "sourceIdentifier": "security@tibco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2021-35500

Vulnerability from fkie_nvd - Published: 2022-01-12 19:15 - Updated: 2024-11-21 06:12
Severity
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.
References
security@tibco.comhttps://www.tibco.com/services/support/advisoriesVendor Advisory
security@tibco.comhttps://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tibco.com/services/support/advisoriesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500Vendor Advisory
Impacted products
Vendor Product Version
tibco data_virtualization *
tibco data_virtualization 8.4.0
tibco data_virtualization 8.5.0
tibco data_virtualization_for_aws_marketplace *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C2A35E-A0EA-41B6-B48F-F4F014549D93",
              "versionEndIncluding": "8.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:8.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD2D931C-9084-4B44-A872-DC4B950042A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B922E97-D9D6-4697-8253-76D26E5E8DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization_for_aws_marketplace:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B4B7AA2-5578-4DDE-A7D1-0311A77A30C9",
              "versionEndIncluding": "8.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user\u0027s permissions on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below."
    },
    {
      "lang": "es",
      "value": "El componente Data Virtualization Server de TIBCO Software Inc.\u0027s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, y TIBCO Data Virtualization for AWS Marketplace contiene una vulnerabilidad dif\u00edcil de explotar que permite a un atacante con pocos privilegios y acceso local descargar archivos arbitrarios fuera del alcance de los permisos del usuario en el sistema afectado. Las versiones afectadas son TIBCO Data Virtualization de TIBCO Software Inc.: versiones 8.3.0 y anteriores, TIBCO Data Virtualization: versi\u00f3n 8.4.0, TIBCO Data Virtualization: versi\u00f3n 8.5.0, y TIBCO Data Virtualization para AWS Marketplace: versiones 8.5.0 y  anteriores"
    }
  ],
  "id": "CVE-2021-35500",
  "lastModified": "2024-11-21T06:12:23.537",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.0,
        "source": "security@tibco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-12T19:15:08.130",
  "references": [
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/services/support/advisories"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/services/support/advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500"
    }
  ],
  "sourceIdentifier": "security@tibco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2020-9415

Vulnerability from fkie_nvd - Published: 2020-08-18 19:15 - Updated: 2024-11-21 05:40
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.
References
security@tibco.comhttp://www.tibco.com/services/support/advisoriesVendor Advisory
security@tibco.comhttps://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualizationVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.tibco.com/services/support/advisoriesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualizationVendor Advisory
Impacted products
Vendor Product Version
tibco data_virtualization *
tibco data_virtualization 8.0.0
tibco data_virtualization 8.1.0
tibco data_virtualization 8.1.1
tibco data_virtualization 8.2.0
tibco data_virtualization_for_aws_marketplace *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83395A7E-2EE3-428C-90F7-C7B5EFA9545D",
              "versionEndIncluding": "7.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "86BDF0CC-558F-4195-AEE5-6986C897B8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "70A405F4-C123-455A-84CE-4FF02748A3B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4109C903-AD87-4B50-A7A5-C2950EB328BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "322435E6-A188-4777-96BF-AC6575F2C1F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization_for_aws_marketplace:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8614DE94-D040-4851-9D59-7D3E13E61DB2",
              "versionEndIncluding": "8.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."
    },
    {
      "lang": "es",
      "value": "El componente TIBCO Data Virtualization Server de TIBCO Data Virtualization y TIBCO Data Virtualization para AWS Marketplace de TIBCO Software Inc. contiene una vulnerabilidad que te\u00f3ricamente permite a un usuario autenticado malicioso descargar cualquier archivo arbitrario del sistema afectado. El usuario necesita estar autenticado y tener los privilegios necesarios para monitorear el servidor en una capacidad operativa. Las versiones afectadas son TIBCO Data Virtualization de TIBCO Software Inc.: versiones 7.0.8 y anteriores, versiones 8.0.0, 8.1.0, 8.1.1 y 8.2.0 y TIBCO Data Virtualization para AWS Marketplace: versiones 8.2.0 y por debajo."
    }
  ],
  "id": "CVE-2020-9415",
  "lastModified": "2024-11-21T05:40:35.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "security@tibco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-18T19:15:14.173",
  "references": [
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
    }
  ],
  "sourceIdentifier": "security@tibco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2018-5428

Vulnerability from fkie_nvd - Published: 2018-06-20 18:29 - Updated: 2024-11-21 04:08
Severity
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6.
References
security@tibco.comhttp://www.securityfocus.com/bid/104518Third Party Advisory, VDB Entry
security@tibco.comhttps://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualizationVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104518Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualizationVendor Advisory
Impacted products
Vendor Product Version
tibco data_virtualization 7.0.5
tibco data_virtualization 7.0.6
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A240275-FDCD-403F-9B3D-1AE8BF406699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7404124-5EF5-473E-85D0-08258399E97C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6."
    },
    {
      "lang": "es",
      "value": "El componente del adaptador de control de versiones de TIBCO Data Virtualization (antes conocido como Cisco Information Server) contiene vulnerabilidades que podr\u00edan permitir la ejecuci\u00f3n de comandos arbitrarios. Las versiones afectadas de TIBCO Data Virtualization son la 7.0.5 y la 7.0.6."
    }
  ],
  "id": "CVE-2018-5428",
  "lastModified": "2024-11-21T04:08:46.903",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security@tibco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-20T18:29:00.437",
  "references": [
    {
      "source": "security@tibco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104518"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization"
    }
  ],
  "sourceIdentifier": "security@tibco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-30570 (GCVE-0-2022-30570)

Vulnerability from cvelistv5 – Published: 2022-07-19 17:50 – Updated: 2024-09-16 18:18
VLAI
Title
TIBCO Data Virtualization Access Control Vulnerability
Summary
The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below.
Severity
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
  • Successful execution of this vulnerability can result in unauthorized read access to application information on the affected system.
Assigner
References
Impacted products
Date Public
2022-07-19 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO Data Virtualization",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "8.5.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Data Virtualization for AWS Marketplace",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "8.5.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-07-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Column Based Security component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Successful execution of this vulnerability can result in unauthorized read access to application information on the affected system.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-19T18:06:21.000Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.5.2 and below: update to version 8.5.3 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.2 and below: update to version 8.6.0 or later"
        }
      ],
      "source": {
        "discovery": "Internal"
      },
      "title": "TIBCO Data Virtualization Access Control Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2022-07-19T17:00:00Z",
          "ID": "CVE-2022-30570",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Data Virtualization Access Control Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO Data Virtualization",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "8.5.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Data Virtualization for AWS Marketplace",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "8.5.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Column Based Security component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Successful execution of this vulnerability can result in unauthorized read access to application information on the affected system."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tibco.com/services/support/advisories",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.5.2 and below: update to version 8.5.3 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.2 and below: update to version 8.6.0 or later"
          }
        ],
        "source": {
          "discovery": "Internal"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2022-30570",
    "datePublished": "2022-07-19T17:50:10.149Z",
    "dateReserved": "2022-05-11T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:18:20.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-35500 (GCVE-0-2021-35500)

Vulnerability from cvelistv5 – Published: 2022-01-12 18:40 – Updated: 2024-09-16 16:18
VLAI
Title
TIBCO Data Virtualization Arbitrary File Download vulnerability
Summary
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.
Severity
6.3 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE
  • Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system.
Assigner
References
Impacted products
Date Public
2022-01-12 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:46.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO Data Virtualization",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "8.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Data Virtualization",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "8.4.0"
            }
          ]
        },
        {
          "product": "TIBCO Data Virtualization",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "8.5.0"
            }
          ]
        },
        {
          "product": "TIBCO Data Virtualization for AWS Marketplace",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "8.5.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user\u0027s permissions on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-12T19:06:22.000Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.3.0 and below update to version 8.3.1 or later\nTIBCO Data Virtualization version 8.4.0 update to version 8.4.1 or later\nTIBCO Data Virtualization version 8.5.0 update to version 8.5.1 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below update to version 8.5.1 or later"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "TIBCO Data Virtualization Arbitrary File Download vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2022-01-12T17:00:00Z",
          "ID": "CVE-2021-35500",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Data Virtualization Arbitrary File Download vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO Data Virtualization",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "8.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Data Virtualization",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "8.4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Data Virtualization",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "8.5.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Data Virtualization for AWS Marketplace",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "8.5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user\u0027s permissions on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tibco.com/services/support/advisories",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.3.0 and below update to version 8.3.1 or later\nTIBCO Data Virtualization version 8.4.0 update to version 8.4.1 or later\nTIBCO Data Virtualization version 8.5.0 update to version 8.5.1 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below update to version 8.5.1 or later"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2021-35500",
    "datePublished": "2022-01-12T18:40:11.398Z",
    "dateReserved": "2021-06-24T00:00:00.000Z",
    "dateUpdated": "2024-09-16T16:18:36.002Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9415 (GCVE-0-2020-9415)

Vulnerability from cvelistv5 – Published: 2020-08-18 18:50 – Updated: 2024-09-16 17:04
VLAI
Title
TIBCO Data Virtualization
Summary
The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.
Severity
5.3 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
  • The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability.
Assigner
References
Impacted products
Vendor Product Version
TIBCO Software Inc. TIBCO Data Virtualization Affected: unspecified , ≤ 7.0.8 (custom)
Affected: 8.0.0
Affected: 8.1.0
Affected: 8.1.1
Affected: 8.2.0
Create a notification for this product.
TIBCO Software Inc. TIBCO Data Virtualization for AWS Marketplace Affected: unspecified , ≤ 8.2.0 (custom)
Create a notification for this product.
Date Public
2020-08-18 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:26:16.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO Data Virtualization",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            },
            {
              "status": "affected",
              "version": "8.1.1"
            },
            {
              "status": "affected",
              "version": "8.2.0"
            }
          ]
        },
        {
          "product": "TIBCO Data Virtualization for AWS Marketplace",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "8.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-08-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-18T19:06:03.000Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues.\n\n TIBCO Data Virtualization versions 7.0.8 and below update to version 7.0.9 or higher\n TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 update to version 8.3.0 or higher\n TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below update to version 8.3.0 or higher"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "TIBCO Data Virtualization",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2020-08-18T17:00:00Z",
          "ID": "CVE-2020-9415",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Data Virtualization"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO Data Virtualization",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "7.0.8"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Data Virtualization for AWS Marketplace",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "8.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues.\n\n TIBCO Data Virtualization versions 7.0.8 and below update to version 7.0.9 or higher\n TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 update to version 8.3.0 or higher\n TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below update to version 8.3.0 or higher"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2020-9415",
    "datePublished": "2020-08-18T18:50:11.750Z",
    "dateReserved": "2020-02-26T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:04:04.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-5428 (GCVE-0-2018-5428)

Vulnerability from cvelistv5 – Published: 2018-06-20 18:00 – Updated: 2024-09-16 17:48
VLAI
Title
TIBCO Data Virtualization Command Injection Vulnerability
Summary
The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6.
Severity
8.8 (High)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component.
Assigner
References
Impacted products
Vendor Product Version
TIBCO Software Inc. TIBCO Data Virtualization Affected: 7.0.5
Affected: 7.0.6
Create a notification for this product.
Date Public
2018-06-20 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.342Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization"
          },
          {
            "name": "104518",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104518"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO Data Virtualization",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "7.0.6"
            }
          ]
        }
      ],
      "datePublic": "2018-06-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-22T09:57:01.000Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization"
        },
        {
          "name": "104518",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104518"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n* TIBCO Data Virtualization versions 7.0.5 and 7.0.6 update to version 7.0.7 or higher."
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "TIBCO Data Virtualization Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2018-06-20T16:00:00.000Z",
          "ID": "CVE-2018-5428",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Data Virtualization Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO Data Virtualization",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.0.5"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization"
            },
            {
              "name": "104518",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104518"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n* TIBCO Data Virtualization versions 7.0.5 and 7.0.6 update to version 7.0.7 or higher."
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2018-5428",
    "datePublished": "2018-06-20T18:00:00.000Z",
    "dateReserved": "2018-01-12T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:48:24.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-30570 (GCVE-0-2022-30570)

Vulnerability from nvd – Published: 2022-07-19 17:50 – Updated: 2024-09-16 18:18
VLAI
Title
TIBCO Data Virtualization Access Control Vulnerability
Summary
The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below.
Severity
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
  • Successful execution of this vulnerability can result in unauthorized read access to application information on the affected system.
Assigner
References
Impacted products
Date Public
2022-07-19 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:13.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO Data Virtualization",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "8.5.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Data Virtualization for AWS Marketplace",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "8.5.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-07-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Column Based Security component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Successful execution of this vulnerability can result in unauthorized read access to application information on the affected system.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-19T18:06:21.000Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.5.2 and below: update to version 8.5.3 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.2 and below: update to version 8.6.0 or later"
        }
      ],
      "source": {
        "discovery": "Internal"
      },
      "title": "TIBCO Data Virtualization Access Control Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2022-07-19T17:00:00Z",
          "ID": "CVE-2022-30570",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Data Virtualization Access Control Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO Data Virtualization",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "8.5.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Data Virtualization for AWS Marketplace",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "8.5.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Column Based Security component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Successful execution of this vulnerability can result in unauthorized read access to application information on the affected system."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tibco.com/services/support/advisories",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/support/advisories/2022/06/tibco-security-advisory-july-19-2022-tdv-cve-2022-30570"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.5.2 and below: update to version 8.5.3 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.2 and below: update to version 8.6.0 or later"
          }
        ],
        "source": {
          "discovery": "Internal"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2022-30570",
    "datePublished": "2022-07-19T17:50:10.149Z",
    "dateReserved": "2022-05-11T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:18:20.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-35500 (GCVE-0-2021-35500)

Vulnerability from nvd – Published: 2022-01-12 18:40 – Updated: 2024-09-16 16:18
VLAI
Title
TIBCO Data Virtualization Arbitrary File Download vulnerability
Summary
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.
Severity
6.3 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE
  • Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system.
Assigner
References
Impacted products
Date Public
2022-01-12 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:46.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO Data Virtualization",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "8.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Data Virtualization",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "8.4.0"
            }
          ]
        },
        {
          "product": "TIBCO Data Virtualization",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "8.5.0"
            }
          ]
        },
        {
          "product": "TIBCO Data Virtualization for AWS Marketplace",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "8.5.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user\u0027s permissions on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-12T19:06:22.000Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.3.0 and below update to version 8.3.1 or later\nTIBCO Data Virtualization version 8.4.0 update to version 8.4.1 or later\nTIBCO Data Virtualization version 8.5.0 update to version 8.5.1 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below update to version 8.5.1 or later"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "TIBCO Data Virtualization Arbitrary File Download vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2022-01-12T17:00:00Z",
          "ID": "CVE-2021-35500",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Data Virtualization Arbitrary File Download vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO Data Virtualization",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "8.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Data Virtualization",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "8.4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Data Virtualization",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "8.5.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Data Virtualization for AWS Marketplace",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "8.5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user\u0027s permissions on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tibco.com/services/support/advisories",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.3.0 and below update to version 8.3.1 or later\nTIBCO Data Virtualization version 8.4.0 update to version 8.4.1 or later\nTIBCO Data Virtualization version 8.5.0 update to version 8.5.1 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below update to version 8.5.1 or later"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2021-35500",
    "datePublished": "2022-01-12T18:40:11.398Z",
    "dateReserved": "2021-06-24T00:00:00.000Z",
    "dateUpdated": "2024-09-16T16:18:36.002Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9415 (GCVE-0-2020-9415)

Vulnerability from nvd – Published: 2020-08-18 18:50 – Updated: 2024-09-16 17:04
VLAI
Title
TIBCO Data Virtualization
Summary
The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.
Severity
5.3 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
  • The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability.
Assigner
References
Impacted products
Vendor Product Version
TIBCO Software Inc. TIBCO Data Virtualization Affected: unspecified , ≤ 7.0.8 (custom)
Affected: 8.0.0
Affected: 8.1.0
Affected: 8.1.1
Affected: 8.2.0
Create a notification for this product.
TIBCO Software Inc. TIBCO Data Virtualization for AWS Marketplace Affected: unspecified , ≤ 8.2.0 (custom)
Create a notification for this product.
Date Public
2020-08-18 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:26:16.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO Data Virtualization",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            },
            {
              "status": "affected",
              "version": "8.1.1"
            },
            {
              "status": "affected",
              "version": "8.2.0"
            }
          ]
        },
        {
          "product": "TIBCO Data Virtualization for AWS Marketplace",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "8.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-08-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-18T19:06:03.000Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues.\n\n TIBCO Data Virtualization versions 7.0.8 and below update to version 7.0.9 or higher\n TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 update to version 8.3.0 or higher\n TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below update to version 8.3.0 or higher"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "TIBCO Data Virtualization",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2020-08-18T17:00:00Z",
          "ID": "CVE-2020-9415",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Data Virtualization"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO Data Virtualization",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "7.0.8"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Data Virtualization for AWS Marketplace",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "8.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues.\n\n TIBCO Data Virtualization versions 7.0.8 and below update to version 7.0.9 or higher\n TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 update to version 8.3.0 or higher\n TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below update to version 8.3.0 or higher"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2020-9415",
    "datePublished": "2020-08-18T18:50:11.750Z",
    "dateReserved": "2020-02-26T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:04:04.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-5428 (GCVE-0-2018-5428)

Vulnerability from nvd – Published: 2018-06-20 18:00 – Updated: 2024-09-16 17:48
VLAI
Title
TIBCO Data Virtualization Command Injection Vulnerability
Summary
The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6.
Severity
8.8 (High)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component.
Assigner
References
Impacted products
Vendor Product Version
TIBCO Software Inc. TIBCO Data Virtualization Affected: 7.0.5
Affected: 7.0.6
Create a notification for this product.
Date Public
2018-06-20 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.342Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization"
          },
          {
            "name": "104518",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104518"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO Data Virtualization",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "7.0.6"
            }
          ]
        }
      ],
      "datePublic": "2018-06-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-22T09:57:01.000Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization"
        },
        {
          "name": "104518",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104518"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n* TIBCO Data Virtualization versions 7.0.5 and 7.0.6 update to version 7.0.7 or higher."
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "TIBCO Data Virtualization Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2018-06-20T16:00:00.000Z",
          "ID": "CVE-2018-5428",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Data Virtualization Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO Data Virtualization",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.0.5"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "7.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "The impact of the vulnerability includes the theoretical possibility of disclosing contents of files on the host machine that are accessible to the operating system account used to run the affected component."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization"
            },
            {
              "name": "104518",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104518"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n* TIBCO Data Virtualization versions 7.0.5 and 7.0.6 update to version 7.0.7 or higher."
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2018-5428",
    "datePublished": "2018-06-20T18:00:00.000Z",
    "dateReserved": "2018-01-12T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:48:24.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}