CVE-2021-35500

Published Jan 12, 2022

Last updated 3 years ago

CVSS medium 5.5

Overview

Description: The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.
Source: security@tibco.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tibco:data_virtualization:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58C2A35E-A0EA-41B6-B48F-F4F014549D93",
            "versionEndIncluding": "8.3.0"
          },
          {
            "criteria": "cpe:2.3:a:tibco:data_virtualization:8.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD2D931C-9084-4B44-A872-DC4B950042A7"
          },
          {
            "criteria": "cpe:2.3:a:tibco:data_virtualization:8.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B922E97-D9D6-4697-8253-76D26E5E8DBA"
          },
          {
            "criteria": "cpe:2.3:a:tibco:data_virtualization_for_aws_marketplace:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B4B7AA2-5578-4DDE-A7D1-0311A77A30C9",
            "versionEndIncluding": "8.5.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References