PT-2020-20644 · Tibco · Tibco Data Virtualization

Published: 2020-08-18 · Updated: 2021-07-21 · CVE-2020-9415

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TIBCO Data Virtualization versions 7.0.8 and below
TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0
TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below

Description

The issue allows a malicious authenticated user to download arbitrary files from the affected system, provided the user has the privileges needed to monitor the server. Exploitation requires the user to be authenticated and to have operational capacity privileges.

Recommendations

For TIBCO Data Virtualization versions 7.0.8 and below, update to a version above 7.0.8 to resolve the issue.
For TIBCO Data Virtualization versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0, update to a version above 8.2.0 to resolve the issue.
For TIBCO Data Virtualization for AWS Marketplace versions 8.2.0 and below, update to a version above 8.2.0 to resolve the issue.

As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.


Related Identifiers

CVE-2020-9415

Affected Products

Tibco Data Virtualization
Tibco Data Virtualization for AWS Marketplace