CVE-2020-9415

The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.tibco.com/services/support/advisories	Vendor Advisory
https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tibco:data_virtualization::::::::
	cpe:2.3:a:tibco:data_virtualization:8.0.0:::::::*
	cpe:2.3:a:tibco:data_virtualization:8.1.0:::::::*
	cpe:2.3:a:tibco:data_virtualization:8.1.1:::::::*
	cpe:2.3:a:tibco:data_virtualization:8.2.0:::::::*
	cpe:2.3:a:tibco:data_virtualization_for_aws_marketplace::::::::

History

07 Nov 2023, 03:26

Type	Values Removed	Values Added
CWE	~~CWE-200~~	NVD-CWE-noinfo

Information

Published : 2020-08-18 19:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-9415

Mitre link : CVE-2020-9415

CVE.ORG link : CVE-2020-9415

JSON object : View

Products Affected

tibco

data_virtualization_for_aws_marketplace
data_virtualization

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-9415", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@tibco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2020-08-18T19:15:14.173", "references": [{"url": "http://www.tibco.com/services/support/advisories", "tags": ["Vendor Advisory"], "source": "security@tibco.com"}, {"url": "https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization", "tags": ["Vendor Advisory"], "source": "security@tibco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below."}, {"lang": "es", "value": "El componente TIBCO Data Virtualization Server de TIBCO Data Virtualization y TIBCO Data Virtualization para AWS Marketplace de TIBCO Software Inc. contiene una vulnerabilidad que te\u00f3ricamente permite a un usuario autenticado malicioso descargar cualquier archivo arbitrario del sistema afectado. El usuario necesita estar autenticado y tener los privilegios necesarios para monitorear el servidor en una capacidad operativa. Las versiones afectadas son TIBCO Data Virtualization de TIBCO Software Inc.: versiones 7.0.8 y anteriores, versiones 8.0.0, 8.1.0, 8.1.1 y 8.2.0 y TIBCO Data Virtualization para AWS Marketplace: versiones 8.2.0 y por debajo."}], "lastModified": "2023-11-07T03:26:53.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:data_virtualization:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83395A7E-2EE3-428C-90F7-C7B5EFA9545D", "versionEndIncluding": "7.0.8"}, {"criteria": "cpe:2.3:a:tibco:data_virtualization:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86BDF0CC-558F-4195-AEE5-6986C897B8C2"}, {"criteria": "cpe:2.3:a:tibco:data_virtualization:8.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70A405F4-C123-455A-84CE-4FF02748A3B2"}, {"criteria": "cpe:2.3:a:tibco:data_virtualization:8.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4109C903-AD87-4B50-A7A5-C2950EB328BD"}, {"criteria": "cpe:2.3:a:tibco:data_virtualization:8.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "322435E6-A188-4777-96BF-AC6575F2C1F3"}, {"criteria": "cpe:2.3:a:tibco:data_virtualization_for_aws_marketplace:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8614DE94-D040-4851-9D59-7D3E13E61DB2", "versionEndIncluding": "8.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@tibco.com"}