Lucene search

[email protected]CVE-2021-35500

HistoryJan 12, 2022 - 7:15 p.m.

CVE-2021-35500

2022-01-1219:15:08

[email protected]

web.nvd.nist.gov

cve-2021-35500

data virtualization

tibco software inc.

vulnerability

local access

arbitrary files

aws marketplace

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user’s permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.

Affected configurations

NVD

Node

tibcodata_virtualizationRange≤8.3.0

tibcodata_virtualizationMatch8.4.0

tibcodata_virtualizationMatch8.5.0

tibcodata_virtualization_for_aws_marketplaceRange≤8.5.0

CPENameOperatorVersion
tibco:data_virtualizationtibco data virtualizationle8.3.0
tibco:data_virtualizationtibco data virtualizationeq8.4.0
tibco:data_virtualizationtibco data virtualizationeq8.5.0
tibco:data_virtualization_for_aws_marketplacetibco data virtualization for aws marketplacele8.5.0

CPE	Name	Operator	Version
tibco:data_virtualization	tibco data virtualization	le	8.3.0
tibco:data_virtualization	tibco data virtualization	eq	8.4.0
tibco:data_virtualization	tibco data virtualization	eq	8.5.0
tibco:data_virtualization_for_aws_marketplace	tibco data virtualization for aws marketplace	le	8.5.0

CNA Affected

[
  {
    "product": "TIBCO Data Virtualization",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "8.3.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Data Virtualization",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "8.4.0"
      }
    ]
  },
  {
    "product": "TIBCO Data Virtualization",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "8.5.0"
      }
    ]
  },
  {
    "product": "TIBCO Data Virtualization for AWS Marketplace",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "8.5.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.tibco.com/services/support/advisories

www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-35500

tibco2 nvd1 prion1 cvelist1