TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: January 12, 2022 - TIBCO Data Virtualization - 2021-35500
- TIBCO Data Virtualization versions 8.3.0 and below
- TIBCO Data Virtualization version 8.4.0
- TIBCO Data Virtualization version 8.5.0
- TIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below
The following component is affected:
- Data Virtualization Server
The component listed above contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user’s permissions on the affected system.
Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system.
CVSS v3 Base Score: 6.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
TIBCO has released updated versions of the affected systems which address this issue:
- TIBCO Data Virtualization versions 8.3.0 and below update to version 8.3.1 or later
- TIBCO Data Virtualization version 8.4.0 update to version 8.4.1 or later
- TIBCO Data Virtualization version 8.5.0 update to version 8.5.1 or later
- TIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below update to version 8.5.1 or later