Vulnerability-Lookup

CVE-2020-9415 (GCVE-0-2020-9415)

Vulnerability from cvelistv5 – Published: 2020-08-18 18:50 – Updated: 2024-09-16 17:04

Title

TIBCO Data Virtualization

Summary

The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability.

Assigner

tibco

References

2 references

URL	Tags
http://www.tibco.com/services/support/advisories	x_refsource_CONFIRM
https://www.tibco.com/support/advisories/2020/08/…	x_refsource_CONFIRM

Impacted products

2 products

Vendor	Product	Version
TIBCO Software Inc.	TIBCO Data Virtualization	Affected: unspecified , ≤ 7.0.8 (custom) Affected: 8.0.0 Affected: 8.1.0 Affected: 8.1.1 Affected: 8.2.0
TIBCO Software Inc.	TIBCO Data Virtualization for AWS Marketplace	Affected: unspecified , ≤ 8.2.0 (custom)

Date Public

2020-08-18 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:26:16.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tibco.com/services/support/advisories"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO Data Virtualization",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            },
            {
              "status": "affected",
              "version": "8.1.1"
            },
            {
              "status": "affected",
              "version": "8.2.0"
            }
          ]
        },
        {
          "product": "TIBCO Data Virtualization for AWS Marketplace",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "8.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-08-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-18T19:06:03.000Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tibco.com/services/support/advisories"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues.\n\n TIBCO Data Virtualization versions 7.0.8 and below update to version 7.0.9 or higher\n TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 update to version 8.3.0 or higher\n TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below update to version 8.3.0 or higher"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "TIBCO Data Virtualization",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2020-08-18T17:00:00Z",
          "ID": "CVE-2020-9415",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO Data Virtualization"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO Data Virtualization",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "7.0.8"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Data Virtualization for AWS Marketplace",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "8.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories",
              "refsource": "CONFIRM",
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "TIBCO has released updated versions of the affected components which address these issues.\n\n TIBCO Data Virtualization versions 7.0.8 and below update to version 7.0.9 or higher\n TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 update to version 8.3.0 or higher\n TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below update to version 8.3.0 or higher"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2020-9415",
    "datePublished": "2020-08-18T18:50:11.750Z",
    "dateReserved": "2020-02-26T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:04:04.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-9415",
      "date": "2026-05-31",
      "epss": "0.00285",
      "percentile": "0.52188"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:data_virtualization:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.0.8\", \"matchCriteriaId\": \"83395A7E-2EE3-428C-90F7-C7B5EFA9545D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:data_virtualization:8.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86BDF0CC-558F-4195-AEE5-6986C897B8C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:data_virtualization:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70A405F4-C123-455A-84CE-4FF02748A3B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:data_virtualization:8.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4109C903-AD87-4B50-A7A5-C2950EB328BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:data_virtualization:8.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"322435E6-A188-4777-96BF-AC6575F2C1F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:data_virtualization_for_aws_marketplace:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.2.0\", \"matchCriteriaId\": \"8614DE94-D040-4851-9D59-7D3E13E61DB2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.\"}, {\"lang\": \"es\", \"value\": \"El componente TIBCO Data Virtualization Server de TIBCO Data Virtualization y TIBCO Data Virtualization para AWS Marketplace de TIBCO Software Inc. contiene una vulnerabilidad que te\\u00f3ricamente permite a un usuario autenticado malicioso descargar cualquier archivo arbitrario del sistema afectado. El usuario necesita estar autenticado y tener los privilegios necesarios para monitorear el servidor en una capacidad operativa. Las versiones afectadas son TIBCO Data Virtualization de TIBCO Software Inc.: versiones 7.0.8 y anteriores, versiones 8.0.0, 8.1.0, 8.1.1 y 8.2.0 y TIBCO Data Virtualization para AWS Marketplace: versiones 8.2.0 y por debajo.\"}]",
      "id": "CVE-2020-9415",
      "lastModified": "2024-11-21T05:40:35.800",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@tibco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-08-18T19:15:14.173",
      "references": "[{\"url\": \"http://www.tibco.com/services/support/advisories\", \"source\": \"security@tibco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization\", \"source\": \"security@tibco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.tibco.com/services/support/advisories\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@tibco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-9415\",\"sourceIdentifier\":\"security@tibco.com\",\"published\":\"2020-08-18T19:15:14.173\",\"lastModified\":\"2024-11-21T05:40:35.800\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.\"},{\"lang\":\"es\",\"value\":\"El componente TIBCO Data Virtualization Server de TIBCO Data Virtualization y TIBCO Data Virtualization para AWS Marketplace de TIBCO Software Inc. contiene una vulnerabilidad que te\u00f3ricamente permite a un usuario autenticado malicioso descargar cualquier archivo arbitrario del sistema afectado. El usuario necesita estar autenticado y tener los privilegios necesarios para monitorear el servidor en una capacidad operativa. Las versiones afectadas son TIBCO Data Virtualization de TIBCO Software Inc.: versiones 7.0.8 y anteriores, versiones 8.0.0, 8.1.0, 8.1.1 y 8.2.0 y TIBCO Data Virtualization para AWS Marketplace: versiones 8.2.0 y por debajo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@tibco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:data_virtualization:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0.8\",\"matchCriteriaId\":\"83395A7E-2EE3-428C-90F7-C7B5EFA9545D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:data_virtualization:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86BDF0CC-558F-4195-AEE5-6986C897B8C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:data_virtualization:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70A405F4-C123-455A-84CE-4FF02748A3B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:data_virtualization:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4109C903-AD87-4B50-A7A5-C2950EB328BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:data_virtualization:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"322435E6-A188-4777-96BF-AC6575F2C1F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:data_virtualization_for_aws_marketplace:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.2.0\",\"matchCriteriaId\":\"8614DE94-D040-4851-9D59-7D3E13E61DB2\"}]}]}],\"references\":[{\"url\":\"http://www.tibco.com/services/support/advisories\",\"source\":\"security@tibco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization\",\"source\":\"security@tibco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.tibco.com/services/support/advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2020-48991

Vulnerability from cnvd - Published: 2020-08-28

Title

TIBCO Software Data Virtualization任意文件下载漏洞

Description

TIBCO Software Data Virtualization是一款企业数据虚拟化解决方案。 TIBCO Software Data Virtualization中的TIBCO Data Virtualization Server组件存在任意文件下载漏洞，远程攻击者可利用该漏洞提交特殊的请求，下载系统任意文件。

Severity

中

Patch Name

TIBCO Software Data Virtualization任意文件下载漏洞的补丁

Patch Description

TIBCO Software Data Virtualization是一款企业数据虚拟化解决方案。 TIBCO Software Data Virtualization中的TIBCO Data Virtualization Server组件存在任意文件下载漏洞，远程攻击者可利用该漏洞提交特殊的请求，下载系统任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization

Reference

https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization

Impacted products

Name
['TIBCO Software Data Virtualization <=7.0.8', 'TIBCO Software Data Virtualization 8.0.0', 'TIBCO Software Data Virtualization 8.1.0', 'TIBCO Software Data Virtualization 8.1.1', 'TIBCO Software Data Virtualization 8.2.0', 'TIBCO Software Data Virtualization for AWS Marketplace <=8.2.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-9415",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-9415"
    }
  },
  "description": "TIBCO Software Data Virtualization\u662f\u4e00\u6b3e\u4f01\u4e1a\u6570\u636e\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\u3002\n\nTIBCO Software Data Virtualization\u4e2d\u7684TIBCO Data Virtualization Server\u7ec4\u4ef6\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0b\u8f7d\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u4e0b\u8f7d\u7cfb\u7edf\u4efb\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-48991",
  "openTime": "2020-08-28",
  "patchDescription": "TIBCO Software Data Virtualization\u662f\u4e00\u6b3e\u4f01\u4e1a\u6570\u636e\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nTIBCO Software Data Virtualization\u4e2d\u7684TIBCO Data Virtualization Server\u7ec4\u4ef6\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0b\u8f7d\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u4e0b\u8f7d\u7cfb\u7edf\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TIBCO Software Data Virtualization\u4efb\u610f\u6587\u4ef6\u4e0b\u8f7d\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "TIBCO Software Data Virtualization \u003c=7.0.8",
      "TIBCO Software Data Virtualization 8.0.0",
      "TIBCO Software Data Virtualization 8.1.0",
      "TIBCO Software Data Virtualization 8.1.1",
      "TIBCO Software Data Virtualization 8.2.0",
      "TIBCO Software Data Virtualization for AWS Marketplace \u003c=8.2.0"
    ]
  },
  "referenceLink": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization",
  "serverity": "\u4e2d",
  "submitTime": "2020-08-24",
  "title": "TIBCO Software Data Virtualization\u4efb\u610f\u6587\u4ef6\u4e0b\u8f7d\u6f0f\u6d1e"
}

FKIE_CVE-2020-9415

Vulnerability from fkie_nvd - Published: 2020-08-18 19:15 - Updated: 2024-11-21 05:40

Severity

5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security@tibco.com	http://www.tibco.com/services/support/advisories	Vendor Advisory
security@tibco.com	https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.tibco.com/services/support/advisories	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization	Vendor Advisory

Impacted products

Vendor	Product	Version
tibco	data_virtualization	*
tibco	data_virtualization	8.0.0
tibco	data_virtualization	8.1.0
tibco	data_virtualization	8.1.1
tibco	data_virtualization	8.2.0
tibco	data_virtualization_for_aws_marketplace	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83395A7E-2EE3-428C-90F7-C7B5EFA9545D",
              "versionEndIncluding": "7.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "86BDF0CC-558F-4195-AEE5-6986C897B8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "70A405F4-C123-455A-84CE-4FF02748A3B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4109C903-AD87-4B50-A7A5-C2950EB328BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "322435E6-A188-4777-96BF-AC6575F2C1F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:data_virtualization_for_aws_marketplace:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8614DE94-D040-4851-9D59-7D3E13E61DB2",
              "versionEndIncluding": "8.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."
    },
    {
      "lang": "es",
      "value": "El componente TIBCO Data Virtualization Server de TIBCO Data Virtualization y TIBCO Data Virtualization para AWS Marketplace de TIBCO Software Inc. contiene una vulnerabilidad que te\u00f3ricamente permite a un usuario autenticado malicioso descargar cualquier archivo arbitrario del sistema afectado. El usuario necesita estar autenticado y tener los privilegios necesarios para monitorear el servidor en una capacidad operativa. Las versiones afectadas son TIBCO Data Virtualization de TIBCO Software Inc.: versiones 7.0.8 y anteriores, versiones 8.0.0, 8.1.0, 8.1.1 y 8.2.0 y TIBCO Data Virtualization para AWS Marketplace: versiones 8.2.0 y por debajo."
    }
  ],
  "id": "CVE-2020-9415",
  "lastModified": "2024-11-21T05:40:35.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "security@tibco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-18T19:15:14.173",
  "references": [
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
    }
  ],
  "sourceIdentifier": "security@tibco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-RJ75-VQ3G-JPWC

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-9415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-18T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.",
  "id": "GHSA-rj75-vq3g-jpwc",
  "modified": "2022-05-24T17:26:07Z",
  "published": "2022-05-24T17:26:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9415"
    },
    {
      "type": "WEB",
      "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
    },
    {
      "type": "WEB",
      "url": "http://www.tibco.com/services/support/advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-9415

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-9415

Aliases

CVE-2020-9415

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-9415",
    "description": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.",
    "id": "GSD-2020-9415"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-9415"
      ],
      "details": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.",
      "id": "GSD-2020-9415",
      "modified": "2023-12-13T01:21:52.560958Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@tibco.com",
        "DATE_PUBLIC": "2020-08-18T17:00:00Z",
        "ID": "CVE-2020-9415",
        "STATE": "PUBLIC",
        "TITLE": "TIBCO Data Virtualization"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": " TIBCO Data Virtualization",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "7.0.8"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "8.0.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "8.1.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "8.1.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "8.2.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": " TIBCO Data Virtualization for AWS Marketplace",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "8.2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "TIBCO Software Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "The impact of these vulnerabilities includes the theoretical possibility that a malicious user could exfiltrate any data file on the affected system. The malicious user cannot modify or delete any files on the affected system with this vulnerability."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.tibco.com/services/support/advisories",
            "refsource": "CONFIRM",
            "url": "http://www.tibco.com/services/support/advisories"
          },
          {
            "name": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization",
            "refsource": "CONFIRM",
            "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "TIBCO has released updated versions of the affected components which address these issues.\n\n TIBCO Data Virtualization versions 7.0.8 and below update to version 7.0.9 or higher\n TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 update to version 8.3.0 or higher\n TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below update to version 8.3.0 or higher"
        }
      ],
      "source": {
        "discovery": "USER"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tibco:data_virtualization:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tibco:data_virtualization:8.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tibco:data_virtualization:8.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tibco:data_virtualization:8.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tibco:data_virtualization:8.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tibco:data_virtualization_for_aws_marketplace:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "ID": "CVE-2020-9415"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.\u0027s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.\u0027s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tibco.com/services/support/advisories",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-08-18T19:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-9415 (GCVE-0-2020-9415)

CNVD-2020-48991

FKIE_CVE-2020-9415

GHSA-RJ75-VQ3G-JPWC

GSD-2020-9415

Tags

Sightings

Nomenclature