Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-9415 |
CWE-ID | CWE-200 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Data Virtualization Server applications / Virtualization software Data Virtualization for AWS Marketplace Server applications / Virtualization software |
Vendor | TIBCO |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU45761
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-9415
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error within TIBCO Data Virtualization Server component. A remote authenticated user can download arbitrary file from the system. The user must be authenticated and have privileges required to monitor the server in an operational capacity.
MitigationInstall updates from vendor's website.
Vulnerable software versionsData Virtualization: 7.0.6 - 8.2.0
Data Virtualization for AWS Marketplace: 8.1.0 - 8.2.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.