Design/Logic Flaw

IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620...

CVE-2021-38971

CVE-2021-38971 affects IBM Data Virtualization on Cloud Pak for Data (DV/CPD) versions 1.3.0, 1.4.1, 1.5.0, 1.7.1–1.7.3, where an authorized user could bypass data masking rules and access unmasked data. Root cause: a defect in data masking enforcement during CREATE TABLE AS SELECT WITH DATA, ena...

CVE-2021-38971

IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620...

IBM Data Virtualization(DV) on Cloud Pak for Data(CPD) 安全漏洞

IBM Data Virtualization on Cloud Pak for Data is a cloud-native solution from IBM USA. It allows you to work with data quickly and efficiently. An information disclosure vulnerability exists in IBM Data Virtualization on Cloud Pak for Data, which can be exploited by attackers to bypass data maski...

Security Bulletin: Data masking rules are not enforced when CREATE TABLE AS SELECT statement is executed in IBM Data Virtualization on Cloud Pak for Data

Summary There is a defect in IBM Data Virtualization on Cloud Pak for Data where Watson Knowledge Catalog data masking rules will not be enforced when a user executes CREATE TABLE AS SELECT … WITH DATA statement successfully. The newly created table will contain unmasked data. Vulnerability Detai...

Important: Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.4.8.SP2 security update

An update is now available for Red Hat JBoss Data Virtualization. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

Important: Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.4.8.SP1 security update

An update is now available for Red Hat JBoss Data Virtualization. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

Security Bulletin: IBM Data Virtualization on Cloud Pak for Data is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105) due to Apache Log4j

Summary There are vulnerabilities in the version of Apache Log4j that is used by IBM Data Virtualization on Cloud Pak for Data CVE-2021-45046 and CVE-2021-45105 which is used for logging. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is...

Security Bulletin: IBM Data Virtualization on Cloud Pak for Data is affected by critical vulnerability in Log4j (CVE-2021-44228)

Summary There is a vulnerability in the version of the Log4j open source library that is part of IBM Data Virtualization on Cloud Pak for Data Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the...

CVE-2021-35500

The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local acces...

CVE-2021-35500

The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local acces...

Design/Logic Flaw

The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local acces...

CVE-2021-35500 TIBCO Data Virtualization Arbitrary File Download vulnerability

The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local acces...

CVE-2021-35500

CVE-2021-35500 affects TIBCO Data Virtualization: Data Virtualization Server. The vulnerability enables a low-privilege, local attacker to download arbitrary files outside the user’s permissions due to insufficient access controls on the file download feature. Affected releases: TIBCO Data Virtua...

Tibco Data Virtualization 信息泄露漏洞

Tibco Data Virtualization is a data virtualization platform from Tibco, USA. An information disclosure vulnerability exists in TIBCO Data Virtualization Server because the product does not add permission restrictions to the file download feature. The vulnerability can be exploited to download...

TIBCO Security Advisory: January 12, 2022 - TIBCO Data Virtualization -2021-35500

TIBCO Data Virtualization Arbitrary File Download vulnerability Original release date: January 12, 2022 Last revised: --- CVE-2021-35500 Source:TIBCO Software Inc. Products Affected TIBCO Data Virtualization versions 8.3.0 and below TIBCO Data Virtualization version 8.4.0 TIBCO Data Virtualizatio...

TIBCO Security Advisory: January 12, 2022 - TIBCO Data Virtualization -2021-35500

TIBCO Data Virtualization Arbitrary File Download vulnerability Original release date: January 12, 2022 Last revised: --- CVE-2021-35500 Source:TIBCO Software Inc. Products Affected TIBCO Data Virtualization versions 8.3.0 and below TIBCO Data Virtualization version 8.4.0 TIBCO Data Virtualizatio...

Security Bulletin: Data protection rules and policies are not enforced on virtualized objects

Summary This problem is applicable for IBM Cloud Pak for Data 3.0.1 environments that have both Data Virtualization and Watson Knowledge Catalog add-ons. This problem is relevant only when using Data Virtualization configured for Watson Knowledge Catalog data policy enforcement. The "Policy...

TIBCO Software Data Virtualization Arbitrary File Download Vulnerability

TIBCO Software Data Virtualization is an enterprise data virtualization solution. An arbitrary file download vulnerability exists in the TIBCO Data Virtualization Server component of TIBCO Software Data Virtualization, which can be exploited by a remote attacker to submit a special request to...

CVE-2020-9415

The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user...