Vulnerabilities > CVE-2021-35500 - Unspecified vulnerability in Tibco products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

tibco

NVD

Published: 2022-01-12

Updated: 2022-01-19

Summary

The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.

Vulnerable Configurations

Part	Description	Count
Application	Tibco Tibco Data Virtualization 8.5.0 Tibco Data Virtualization 7.0.5 Tibco Data Virtualization 7.0.6 Tibco Data Virtualization 7.0.7 Tibco Data Virtualization 7.0.8 Tibco Data Virtualization 8.0.0 Tibco Data Virtualization 8.1.0 Tibco Data Virtualization 8.1.1 Tibco Data Virtualization 8.2.0 Tibco Data Virtualization 8.4.0 Tibco Data Virtualization FOR AWS Marketplace - Tibco Data Virtualization FOR AWS Marketplace 8.2.0	12

Summary

Vulnerable Configurations

References