All the vulnerabilites related to TIBCO Software Inc. - TIBCO JasperReports Server
cve-2020-9409
Vulnerability from cvelistv5
Published
2020-05-20 12:25
Modified
2024-09-17 01:16
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Server Fails To Enforce Access Restrictions
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: unspecified < |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The administrative UI component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server \"superuser\" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility that an unauthenticated user obtains JasperReports Server \"superuser\" permission, and further might be able to execute arbitrary code with the system account that started the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T21:15:05",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 7.1.1 and below update to version 7.1.3 or higher\nTIBCO JasperReports Server for AWS Marketplace versions 7.1.1 and below update to version 7.2.0 or higher\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.1.1 and below update to version 7.1.3 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO JasperReports Server Fails To Enforce Access Restrictions",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2020-05-19T17:00:00Z",
"ID": "CVE-2020-9409",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server Fails To Enforce Access Restrictions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.1.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.1.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.1.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administrative UI component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server \"superuser\" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility that an unauthenticated user obtains JasperReports Server \"superuser\" permission, and further might be able to execute arbitrary code with the system account that started the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 7.1.1 and below update to version 7.1.3 or higher\nTIBCO JasperReports Server for AWS Marketplace versions 7.1.1 and below update to version 7.2.0 or higher\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.1.1 and below update to version 7.1.3 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2020-9409",
"datePublished": "2020-05-20T12:25:13.045417Z",
"dateReserved": "2020-02-26T00:00:00",
"dateUpdated": "2024-09-17T01:16:13.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-5431
Vulnerability from cvelistv5
Published
2018-04-17 18:00
Modified
2024-09-17 01:56
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Server Cross Site Scripting Vulnerability
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: unspecified < Version: 6.3.0 Version: 6.3.2 Version: 6.3.3 Version: 6.4.0 Version: 6.4.2 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.3.2"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.2"
}
]
},
{
"product": "TIBCO JasperReports Server Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The domain designer component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact includes the theoretical possibility of a user performing operations using another user\u0027s access, including administrative functions being performed by a non-administrative user.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-17T17:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TIBCO JasperReports Server Cross Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-04-17T16:00:00.000Z",
"ID": "CVE-2018-5431",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server Cross Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.2.4"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.3"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The domain designer component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact includes the theoretical possibility of a user performing operations using another user\u0027s access, including administrative functions being performed by a non-administrative user."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-5431",
"datePublished": "2018-04-17T18:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-17T01:56:35.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35496
Vulnerability from cvelistv5
Published
2021-10-12 17:35
Modified
2024-09-17 03:43
Severity ?
EPSS score ?
Summary
TIBCO JasperReports XML Eternal Entity (XXE) vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: unspecified < |
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:46.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.8.0"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.9.0"
}
]
},
{
"product": "TIBCO JasperReports Server - Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server - Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for Microsoft Azure",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.8.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Dr. Florian Hauser, CODE WHITE GmbH for discovery of this vulnerability."
}
],
"datePublic": "2021-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XMLA Connections component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability can result in unauthorized read, update, insert or delete access to the affected systems data and the ability to cause a denial of service (DOS) on the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T19:06:05",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 7.2.1 and below update to version 7.2.2 or later\nTIBCO JasperReports Server versions 7.5.0 and 7.5.1 update to version 7.5.2 or later\nTIBCO JasperReports Server version 7.8.0 update to version 7.8.1 or later\nTIBCO JasperReports Server version 7.9.0 update to version 7.9.1 or later\nTIBCO JasperReports Server - Community Edition versions 7.8.0 and below update to version 7.8.1 or later\nTIBCO JasperReports Server - Developer Edition versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for Microsoft Azure version 7.8.0 update to version 7.9.1 or later"
}
],
"source": {
"discovery": "Dr. Florian Hauser, CODE WHITE GmbH"
},
"title": "TIBCO JasperReports XML Eternal Entity (XXE) vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-10-12T17:00:00Z",
"ID": "CVE-2021-35496",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports XML Eternal Entity (XXE) vulnerability",
"UPDATED": "2021-11-02T17:00:00Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.2.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.5.0"
},
{
"version_affected": "=",
"version_value": "7.5.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.8.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.9.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server - Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.8.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server - Developer Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.9.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.9.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.9.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.8.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Dr. Florian Hauser, CODE WHITE GmbH for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XMLA Connections component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability can result in unauthorized read, update, insert or delete access to the affected systems data and the ability to cause a denial of service (DOS) on the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 7.2.1 and below update to version 7.2.2 or later\nTIBCO JasperReports Server versions 7.5.0 and 7.5.1 update to version 7.5.2 or later\nTIBCO JasperReports Server version 7.8.0 update to version 7.8.1 or later\nTIBCO JasperReports Server version 7.9.0 update to version 7.9.1 or later\nTIBCO JasperReports Server - Community Edition versions 7.8.0 and below update to version 7.8.1 or later\nTIBCO JasperReports Server - Developer Edition versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for Microsoft Azure version 7.8.0 update to version 7.9.1 or later"
}
],
"source": {
"discovery": "Dr. Florian Hauser, CODE WHITE GmbH"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-35496",
"datePublished": "2021-10-12T17:35:14.158822Z",
"dateReserved": "2021-06-24T00:00:00",
"dateUpdated": "2024-09-17T03:43:38.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18809
Vulnerability from cvelistv5
Published
2019-03-07 22:00
Modified
2024-09-17 00:10
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Library Directory Traversal Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_MISC | |
| https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/107351 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2019/Sep/17 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/154406/Tibco-JasperSoft-Path-Traversal.html | x_refsource_MISC | |
| https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html | x_refsource_MISC | |
| https://cybersecurityworks.com/zerodays/cve-2018-18809-tibco.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Library |
Version: unspecified < Version: 6.4.1 Version: 6.4.2 Version: 6.4.21 Version: 7.1.0 Version: 7.2.0 |
||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809"
},
{
"name": "107351",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107351"
},
{
"name": "20190909 CVE-2018-18809 Path traversal in Tibco JasperSoft",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154406/Tibco-JasperSoft-Path-Traversal.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2018-18809-tibco.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Library",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.4.1"
},
{
"status": "affected",
"version": "6.4.2"
},
{
"status": "affected",
"version": "6.4.21"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.2.0"
}
]
},
{
"product": "TIBCO JasperReports Library Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.7.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Library for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.1"
},
{
"status": "affected",
"version": "6.4.2"
},
{
"status": "affected",
"version": "6.4.3"
},
{
"status": "affected",
"version": "7.1.0"
}
]
},
{
"product": "TIBCO JasperReports Server Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.1.0"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Elar Lang of Clarified Security and Sathish Kumar Balakrishnan from Cyber Security Works Pvt Ltd for discovery of this vulnerability."
}
],
"datePublic": "2019-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default server implementation of TIBCO Software Inc.\u0027s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that a web server using the provided DefaultWebResourceHandler could expose details of the host system. The disclosed data could include credentials to access other systems.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-29T20:54:12",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809"
},
{
"name": "107351",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107351"
},
{
"name": "20190909 CVE-2018-18809 Path traversal in Tibco JasperSoft",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154406/Tibco-JasperSoft-Path-Traversal.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2018-18809-tibco.html"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Library versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Library versions 6.4.1, 6.4.2, and 6.4.21 update to version 6.4.22 or higher\nTIBCO JasperReports Library version 7.1.0 update to version 7.1.1 or higher\nTIBCO JasperReports Library version 7.2.0 update to version 7.2.1 or higher\n\nTIBCO JasperReports Library Community Edition versions 6.7.0 and below update to version 6.7.1 or higher\n\nTIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.21 and below update to version 6.4.22 or higher\n\nTIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher\nTIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher\n\nTIBCO JasperReports Server Community Edition versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below update to version 7.1.1 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "TIBCO JasperReports Library Directory Traversal Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-03-06T17:00:00.000Z",
"ID": "CVE-2018-18809",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Library Directory Traversal Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Library",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.3.4"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.21"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.1.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.2.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Library Community Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.7.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Library for ActiveMatrix BPM",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.21"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.3.4"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.3"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.3"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.3"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Elar Lang of Clarified Security and Sathish Kumar Balakrishnan from Cyber Security Works Pvt Ltd for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default server implementation of TIBCO Software Inc.\u0027s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that a web server using the provided DefaultWebResourceHandler could expose details of the host system. The disclosed data could include credentials to access other systems."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809"
},
{
"name": "107351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107351"
},
{
"name": "20190909 CVE-2018-18809 Path traversal in Tibco JasperSoft",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Sep/17"
},
{
"name": "http://packetstormsecurity.com/files/154406/Tibco-JasperSoft-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154406/Tibco-JasperSoft-Path-Traversal.html"
},
{
"name": "https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html",
"refsource": "MISC",
"url": "https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html"
},
{
"name": "https://cybersecurityworks.com/zerodays/cve-2018-18809-tibco.html",
"refsource": "MISC",
"url": "https://cybersecurityworks.com/zerodays/cve-2018-18809-tibco.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Library versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Library versions 6.4.1, 6.4.2, and 6.4.21 update to version 6.4.22 or higher\nTIBCO JasperReports Library version 7.1.0 update to version 7.1.1 or higher\nTIBCO JasperReports Library version 7.2.0 update to version 7.2.1 or higher\n\nTIBCO JasperReports Library Community Edition versions 6.7.0 and below update to version 6.7.1 or higher\n\nTIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.21 and below update to version 6.4.22 or higher\n\nTIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher\nTIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher\n\nTIBCO JasperReports Server Community Edition versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below update to version 7.1.1 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-18809",
"datePublished": "2019-03-07T22:00:00Z",
"dateReserved": "2018-10-29T00:00:00",
"dateUpdated": "2024-09-17T00:10:56.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22773
Vulnerability from cvelistv5
Published
2022-05-17 17:30
Modified
2024-09-16 20:36
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Server Reflected Cross Site Scripting (XSS) vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tibco.com/services/support/advisories | x_refsource_CONFIRM | |
| https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-jasperreports-server-cve-2022-22773 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: unspecified < |
||||||||||||||||||||
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-jasperreports-server-cve-2022-22773"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server - Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server - Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.9.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for Microsoft Azure",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Mohamed Rezgui for discovery of this vulnerability."
}
],
"datePublic": "2022-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The REST API component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions 8.0.1 and below, TIBCO JasperReports Server - Community Edition: versions 8.0.1 and below, TIBCO JasperReports Server - Developer Edition: versions 8.0.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.1 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.2 and below, and TIBCO JasperReports Server for Microsoft Azure: versions 8.0.1 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-17T18:06:17",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-jasperreports-server-cve-2022-22773"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 8.0.1 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server - Community Edition versions 8.0.1 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server - Developer Edition versions 8.0.0 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server for AWS Marketplace versions 8.0.1 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.2 and below: This product is deprecated and should be uninstalled\nTIBCO JasperReports Server for Microsoft Azure versions 8.0.1 and below: update to version 8.0.2 or later"
}
],
"title": "TIBCO JasperReports Server Reflected Cross Site Scripting (XSS) vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-05-17T17:00:00Z",
"ID": "CVE-2022-22773",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server Reflected Cross Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.0.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server - Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.0.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server - Developer Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.0.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.0.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.9.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.0.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Mohamed Rezgui for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The REST API component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions 8.0.1 and below, TIBCO JasperReports Server - Community Edition: versions 8.0.1 and below, TIBCO JasperReports Server - Developer Edition: versions 8.0.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.1 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.2 and below, and TIBCO JasperReports Server for Microsoft Azure: versions 8.0.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-jasperreports-server-cve-2022-22773",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-jasperreports-server-cve-2022-22773"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 8.0.1 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server - Community Edition versions 8.0.1 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server - Developer Edition versions 8.0.0 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server for AWS Marketplace versions 8.0.1 and below: update to version 8.0.2 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.2 and below: This product is deprecated and should be uninstalled\nTIBCO JasperReports Server for Microsoft Azure versions 8.0.1 and below: update to version 8.0.2 or later"
}
],
"source": {
"discovery": ""
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-22773",
"datePublished": "2022-05-17T17:30:13.151280Z",
"dateReserved": "2022-01-07T00:00:00",
"dateUpdated": "2024-09-16T20:36:15.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18816
Vulnerability from cvelistv5
Published
2019-03-07 22:00
Modified
2024-09-16 17:58
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Persistent Cross Site Scripting Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_MISC | |
| http://www.securityfocus.com/bid/107348 | vdb-entry, x_refsource_BID | |
| https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-2018-18816 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: unspecified < Version: 6.4.0 Version: 6.4.1 Version: 6.4.2 Version: 6.4.3 Version: 7.1.0 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "107348",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107348"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-2018-18816"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.1"
},
{
"status": "affected",
"version": "6.4.2"
},
{
"status": "affected",
"version": "6.4.3"
},
{
"status": "affected",
"version": "7.1.0"
}
]
},
{
"product": "TIBCO JasperReports Server Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The repository component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross site scripting vulnerability. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi- Tenancy versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that a malicious actor could gain full access to the web interface of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-12T09:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "107348",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107348"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-2018-18816"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher\nTIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher\n\nTIBCO JasperReports Server Community Edition versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below update to version 7.1.1 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO JasperReports Persistent Cross Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-03-06T17:00:00.000Z",
"ID": "CVE-2018-18816",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Persistent Cross Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.3.4"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.3"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.3"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The repository component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross site scripting vulnerability. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi- Tenancy versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that a malicious actor could gain full access to the web interface of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "107348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107348"
},
{
"name": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-2018-18816",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-2018-18816"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher\nTIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher\n\nTIBCO JasperReports Server Community Edition versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below update to version 7.1.1 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-18816",
"datePublished": "2019-03-07T22:00:00Z",
"dateReserved": "2018-10-29T00:00:00",
"dateUpdated": "2024-09-16T17:58:45.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5528
Vulnerability from cvelistv5
Published
2017-06-29 14:00
Modified
2024-09-16 16:58
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Server cross-site vulnerabilities
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: unspecified < Version: 6.2.0 Version: 6.2.1 Version: 6.3.0 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:14.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.3.0"
}
]
},
{
"product": "TIBCO JasperReports Server Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-29T14:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017"
}
],
"title": "TIBCO JasperReports Server cross-site vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2017-06-28T09:00:00-07",
"ID": "CVE-2017-5528",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server cross-site vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.3.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.3.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.2.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.3.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below)."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "R"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2017-5528",
"datePublished": "2017-06-29T14:00:00Z",
"dateReserved": "2017-01-19T00:00:00",
"dateUpdated": "2024-09-16T16:58:24.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22771
Vulnerability from cvelistv5
Published
2022-03-15 17:05
Modified
2024-09-17 02:57
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Library Directory Traversal Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tibco.com/services/support/advisories | x_refsource_CONFIRM | |
| https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-15-2022-tibco-jasperreports-library-2022-22771 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Library |
Version: 7.9.0 |
||||||||||||||||||||
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-15-2022-tibco-jasperreports-library-2022-22771"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Library",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.9.0"
}
]
},
{
"product": "TIBCO JasperReports Library for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.9.0"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
}
]
},
{
"product": "TIBCO JasperReports Server for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
}
]
},
{
"product": "TIBCO JasperReports Server for Microsoft Azure",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.9.1"
}
]
}
],
"datePublic": "2022-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Server component of TIBCO Software Inc.\u0027s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that a web server using the provided DefaultWebResourceHandler could expose details of the host system. The disclosed data could include credentials to access other systems.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T18:06:14",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-15-2022-tibco-jasperreports-library-2022-22771"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Library version 7.9.0 update to version 7.9.2 or later\nTIBCO JasperReports Library for ActiveMatrix BPM version 7.9.0 update to version 7.9.2 or later\nTIBCO JasperReports Server versions 7.9.0 and 7.9.1 update to version 7.9.2 or later\nTIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and 7.9.1 update to version 7.9.2 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and 7.9.1 update to version 7.9.2 or later\nTIBCO JasperReports Server for Microsoft Azure version 7.9.1 update to version 7.9.2 or later"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO JasperReports Library Directory Traversal Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-03-15T17:00:00Z",
"ID": "CVE-2022-22771",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Library Directory Traversal Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Library",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.9.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Library for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.9.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.9.0"
},
{
"version_affected": "=",
"version_value": "7.9.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.9.0"
},
{
"version_affected": "=",
"version_value": "7.9.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.9.0"
},
{
"version_affected": "=",
"version_value": "7.9.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.9.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Server component of TIBCO Software Inc.\u0027s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that a web server using the provided DefaultWebResourceHandler could expose details of the host system. The disclosed data could include credentials to access other systems."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-15-2022-tibco-jasperreports-library-2022-22771",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-15-2022-tibco-jasperreports-library-2022-22771"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Library version 7.9.0 update to version 7.9.2 or later\nTIBCO JasperReports Library for ActiveMatrix BPM version 7.9.0 update to version 7.9.2 or later\nTIBCO JasperReports Server versions 7.9.0 and 7.9.1 update to version 7.9.2 or later\nTIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and 7.9.1 update to version 7.9.2 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and 7.9.1 update to version 7.9.2 or later\nTIBCO JasperReports Server for Microsoft Azure version 7.9.1 update to version 7.9.2 or later"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-22771",
"datePublished": "2022-03-15T17:05:11.270158Z",
"dateReserved": "2022-01-07T00:00:00",
"dateUpdated": "2024-09-17T02:57:15.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-8986
Vulnerability from cvelistv5
Published
2019-03-07 22:00
Modified
2024-09-17 03:37
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Server XML Entity Expansion Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_MISC | |
| https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-8986 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: unspecified < Version: 6.4.0 Version: 6.4.1 Version: 6.4.2 Version: 6.4.3 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-8986"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.1"
},
{
"status": "affected",
"version": "6.4.2"
},
{
"status": "affected",
"version": "6.4.3"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Julien Szlamowicz and Sebastien Dudek of Synacktiv for discovery of this vulnerability."
}
],
"datePublic": "2019-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SOAP API component vulnerability of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "foo",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-07T21:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-8986"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5 or higher\n TIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "TIBCO JasperReports Server XML Entity Expansion Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-03-06T17:00:00.000Z",
"ID": "CVE-2019-8986",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server XML Entity Expansion Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.3.4"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.3"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.3"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Julien Szlamowicz and Sebastien Dudek of Synacktiv for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SOAP API component vulnerability of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "foo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-8986",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-8986"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5 or higher\n TIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-8986",
"datePublished": "2019-03-07T22:00:00Z",
"dateReserved": "2019-02-21T00:00:00",
"dateUpdated": "2024-09-17T03:37:40.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-5430
Vulnerability from cvelistv5
Published
2018-04-17 18:00
Modified
2024-09-16 23:50
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/44623/ | exploit, x_refsource_EXPLOIT-DB | |
| https://rhinosecuritylabs.com/application-security/authenticated-file-read-vulnerability-in-jasperreports/ | x_refsource_MISC | |
| https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: unspecified < Version: 6.3.0 Version: 6.3.2 Version: 6.3.3 Version: 6.4.0 Version: 6.4.2 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44623",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44623/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rhinosecuritylabs.com/application-security/authenticated-file-read-vulnerability-in-jasperreports/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.3.2"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.2"
}
]
},
{
"product": "TIBCO JasperReports Server Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Hector Monsegur at Rhino Security Labs for discovery of this vulnerability."
}
],
"datePublic": "2018-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Spring web flows of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3;6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact includes the possible read-only access by authenticated users to web application configuration files that contain the credentials used by the server. Those credentials could then be used to affect external systems accessed by the JasperReports Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-16T09:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"name": "44623",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44623/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rhinosecuritylabs.com/application-security/authenticated-file-read-vulnerability-in-jasperreports/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "TIBCO JasperReports Server Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-04-17T16:00:00.000Z",
"ID": "CVE-2018-5430",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.2.4"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.3"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Hector Monsegur at Rhino Security Labs for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spring web flows of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3;6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact includes the possible read-only access by authenticated users to web application configuration files that contain the credentials used by the server. Those credentials could then be used to affect external systems accessed by the JasperReports Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44623",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44623/"
},
{
"name": "https://rhinosecuritylabs.com/application-security/authenticated-file-read-vulnerability-in-jasperreports/",
"refsource": "MISC",
"url": "https://rhinosecuritylabs.com/application-security/authenticated-file-read-vulnerability-in-jasperreports/"
},
{
"name": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-5430",
"datePublished": "2018-04-17T18:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T23:50:51.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41563
Vulnerability from cvelistv5
Published
2022-12-15 03:44
Modified
2024-09-16 19:36
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Server Stored XSS Vulnerability
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: unspecified < |
||||||||||||||||||||||||
|
|||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:41.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.1.0"
}
]
},
{
"product": "TIBCO JasperReports Server - Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.1.0"
}
]
},
{
"product": "TIBCO JasperReports Server for Microsoft Azure",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for Microsoft Azure",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.1.0"
}
]
}
],
"datePublic": "2022-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Dashboard component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of these vulnerabilities will result in an attacker being able to execute commands with the privileges of the affected user. This vulnerability can allow the attacker to exploit associated resources other than the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41563"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server - Developer Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for AWS Marketplace version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server for Microsoft Azure versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for Microsoft Azure version 8.1.0: update to version 8.1.1 or later"
}
],
"source": {
"discovery": ""
},
"title": "TIBCO JasperReports Server Stored XSS Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-41563",
"datePublished": "2022-12-15T03:44:03.964951Z",
"dateReserved": "2022-09-26T00:00:00",
"dateUpdated": "2024-09-16T19:36:24.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18815
Vulnerability from cvelistv5
Published
2019-03-07 22:00
Modified
2024-09-16 16:12
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Server User Information Disclosure
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-18815 | x_refsource_CONFIRM | |
| http://www.tibco.com/services/support/advisories | x_refsource_MISC | |
| https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/107346 | vdb-entry, x_refsource_BID | |
| https://www.zerodayinitiative.com/advisories/ZDI-19-305/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: 6.4.0 Version: 6.4.1 Version: 6.4.2 Version: 6.4.3 Version: 7.1.0 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:07.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-18815"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809"
},
{
"name": "107346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107346"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-305/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.1"
},
{
"status": "affected",
"version": "6.4.2"
},
{
"status": "affected",
"version": "6.4.3"
},
{
"status": "affected",
"version": "7.1.0"
}
]
},
{
"product": "TIBCO JasperReports Server Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIBCO would like to extend its appreciation to Steven Seeley (mr_me) of Source Incite working with Trend Micro Zero Day Initiative for discovery of this vulnerability."
}
],
"datePublic": "2019-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The REST API component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability that theoretically allows unauthenticated users to bypass authorization checks for portions of the HTTP interface to the JasperReports Server. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility of unauthenticated read access to the contents of the host system, when combined with the vulnerability identified by CVE-2018-18809.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-02T14:06:05",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-18815"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809"
},
{
"name": "107346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107346"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-305/"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher\nTIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher\n\nTIBCO JasperReports Server Community Edition versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below update to version 7.1.1 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "TIBCO JasperReports Server User Information Disclosure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-03-06T17:00:00.000Z",
"ID": "CVE-2018-18815",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server User Information Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.3"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.3"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Steven Seeley (mr_me) of Source Incite working with Trend Micro Zero Day Initiative for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The REST API component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability that theoretically allows unauthenticated users to bypass authorization checks for portions of the HTTP interface to the JasperReports Server. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility of unauthenticated read access to the contents of the host system, when combined with the vulnerability identified by CVE-2018-18809."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-18815",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-18815"
},
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809"
},
{
"name": "107346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107346"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-305/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-305/"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher\nTIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher\n\nTIBCO JasperReports Server Community Edition versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below update to version 7.1.1 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-18815",
"datePublished": "2019-03-07T22:00:00Z",
"dateReserved": "2018-10-29T00:00:00",
"dateUpdated": "2024-09-16T16:12:36.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5533
Vulnerability from cvelistv5
Published
2017-11-15 21:00
Modified
2024-09-16 23:06
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Server credentials disclosure
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | x_refsource_CONFIRM | |
| http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101878 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | x_refsource_CONFIRM | |
| https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: 6.4.0 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017"
},
{
"name": "101878",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101878"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.4.0"
}
]
},
{
"product": "TIBCO JasperReports Server Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.4.0"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.4.0"
}
]
},
{
"product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.4.0"
}
]
},
{
"product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.4.0"
}
]
}
],
"datePublic": "2017-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact includes the possible access to web application configuration files that contain the credentials used by the server. Those credentials could then be used to affect external systems accessed by the JasperReports Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T21:06:41",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017"
},
{
"name": "101878",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101878"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "TIBCO JasperReports Server credentials disclosure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2017-11-17T17:00:00.000Z",
"ID": "CVE-2017-5533",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server credentials disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_value": "6.4.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
{
"version_value": "6.4.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_value": "6.4.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
{
"version_value": "6.4.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
{
"version_value": "6.4.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact includes the possible access to web application configuration files that contain the credentials used by the server. Those credentials could then be used to affect external systems accessed by the JasperReports Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017"
},
{
"name": "101878",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101878"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
},
"solution": "TIBCO has released updated versions of the affected components which address these issues.\n\nFor each affected system, update to the corresponding software versions:\n\n TIBCO JasperReports Server versions 6.4.0 update to version 6.4.2 or higher\n\n TIBCO JasperReports Server Community Edition version 6.4.0 update to version 6.4.2 or higher\n\n TIBCO JasperReports Server for ActiveMatrix BPM version 6.4.0 update to version 6.4.2 or higher\n\n TIBCO Jaspersoft for AWS with Multi-Tenancy version 6.4.0 update to version 6.4.2 or higher\n \n TIBCO Jaspersoft Reporting and Analytics for AWS version 6.4.0 update to version 6.4.2 or higher"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2017-5533",
"datePublished": "2017-11-15T21:00:00Z",
"dateReserved": "2017-01-19T00:00:00",
"dateUpdated": "2024-09-16T23:06:29.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-5429
Vulnerability from cvelistv5
Published
2018-04-17 18:00
Modified
2024-09-17 00:32
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Library Code Sandboxing Problem
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.3.2"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.2"
}
]
},
{
"product": "TIBCO JasperReports Server Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Library",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.3.2"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.1"
},
{
"status": "affected",
"version": "6.4.2"
}
]
},
{
"product": "TIBCO JasperReports Library Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Library for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft Studio",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.3.2"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.2"
}
]
},
{
"product": "TIBCO Jaspersoft Studio Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft Studio for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the report scripting component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of arbitrary code execution with the privileges of the operation system process that contains the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-17T17:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Library versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Library versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Library versions 6.4.0, 6.4.1, and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO JasperReports Library Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Studio versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO Jaspersoft Studio versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO Jaspersoft Studio versions 6.4.0, and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO Jaspersoft Studio Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21 or higher"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TIBCO JasperReports Library Code Sandboxing Problem",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-04-17T09:00:00-07",
"ID": "CVE-2018-5429",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Library Code Sandboxing Problem"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.2.4"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.3"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Library",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.2.4"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.3"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Library Community Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.3"
}
]
}
},
{
"product_name": "TIBCO JasperReports Library for ActiveMatrix BPM",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Studio",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.2.4"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.3.3"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Studio Community Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.3"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Studio for ActiveMatrix BPM",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the report scripting component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of arbitrary code execution with the privileges of the operation system process that contains the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Library versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Library versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Library versions 6.4.0, 6.4.1, and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO JasperReports Library Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Studio versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO Jaspersoft Studio versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO Jaspersoft Studio versions 6.4.0, and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO Jaspersoft Studio Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21 or higher"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-5429",
"datePublished": "2018-04-17T18:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-17T00:32:19.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5529
Vulnerability from cvelistv5
Published
2017-06-29 14:00
Modified
2024-09-17 02:52
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Library Information Disclosure
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | x_refsource_CONFIRM | |
| https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0 | x_refsource_CONFIRM | |
| http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Library Community Edition |
Version: 6.4.0 |
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Library Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.4.0"
}
]
},
{
"product": "TIBCO JasperReports Library for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Professional",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.3.0"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.3.0"
}
]
},
{
"product": "TIBCO JasperReports Server Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft Studio for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below)."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:C/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T21:06:41",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "TIBCO JasperReports Library Information Disclosure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2017-06-28T09:00:00-07",
"ID": "CVE-2017-5529",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Library Information Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Library Community Edition",
"version": {
"version_data": [
{
"version_value": "6.4.0",
"versions_affected": "\u003c="
}
]
}
},
{
"product_name": "TIBCO JasperReports Library for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.2.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Professional",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.2.1"
},
{
"version_value": "6.3.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.3.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.3.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.2.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.3.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.3.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Studio for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below)."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "C",
"UI": "R"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2017-5529",
"datePublished": "2017-06-29T14:00:00Z",
"dateReserved": "2017-01-19T00:00:00",
"dateUpdated": "2024-09-17T02:52:33.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35494
Vulnerability from cvelistv5
Published
2021-10-12 17:35
Modified
2024-09-17 00:51
Severity ?
EPSS score ?
Summary
TIBCO JasperReports unauthorized access to temporary object
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tibco.com/services/support/advisories | x_refsource_CONFIRM | |
| https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35494 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: unspecified < |
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:46.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35494"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.8.0"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.9.0"
}
]
},
{
"product": "TIBCO JasperReports Server - Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server - Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for Microsoft Azure",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.8.0"
}
]
}
],
"datePublic": "2021-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Rest API component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contain a race condition that allows a low privileged authenticated attacker via the REST API to obtain read access to temporary objects created by other users on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability results in the attacker gaining unauthorized read access to the data of other users on the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T18:06:12",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35494"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 7.2.1 and below update to version 7.2.2 or later\nTIBCO JasperReports Server versions 7.5.0 and 7.5.1 update to version 7.5.2 or later\nTIBCO JasperReports Server version 7.8.0 update to version 7.8.1 or later\nTIBCO JasperReports Server version 7.9.0 update to version 7.9.1 or later\nTIBCO JasperReports Server - Community Edition versions 7.8.0 and below update to version 7.8.1 or later\nTIBCO JasperReports Server - Developer Edition versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for Microsoft Azure version 7.8.0 update to version 7.9.1 or later"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO JasperReports unauthorized access to temporary object",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-10-12T17:00:00Z",
"ID": "CVE-2021-35494",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports unauthorized access to temporary object"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.2.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.5.0"
},
{
"version_affected": "=",
"version_value": "7.5.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.8.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.9.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server - Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.8.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server - Developer Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.9.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.9.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.9.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.8.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rest API component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contain a race condition that allows a low privileged authenticated attacker via the REST API to obtain read access to temporary objects created by other users on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability results in the attacker gaining unauthorized read access to the data of other users on the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35494",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35494"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 7.2.1 and below update to version 7.2.2 or later\nTIBCO JasperReports Server versions 7.5.0 and 7.5.1 update to version 7.5.2 or later\nTIBCO JasperReports Server version 7.8.0 update to version 7.8.1 or later\nTIBCO JasperReports Server version 7.9.0 update to version 7.9.1 or later\nTIBCO JasperReports Server - Community Edition versions 7.8.0 and below update to version 7.8.1 or later\nTIBCO JasperReports Server - Developer Edition versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for Microsoft Azure version 7.8.0 update to version 7.9.1 or later"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-35494",
"datePublished": "2021-10-12T17:35:11.042155Z",
"dateReserved": "2021-06-24T00:00:00",
"dateUpdated": "2024-09-17T00:51:58.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35495
Vulnerability from cvelistv5
Published
2021-10-12 17:35
Modified
2024-09-16 18:12
Severity ?
EPSS score ?
Summary
TIBCO JasperReports FTP Password exposed
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tibco.com/services/support/advisories | x_refsource_CONFIRM | |
| https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35495 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: unspecified < |
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:40:46.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35495"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.5.1"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.8.0"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.9.0"
}
]
},
{
"product": "TIBCO JasperReports Server - Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server - Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for Microsoft Azure",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.8.0"
}
]
}
],
"datePublic": "2021-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Scheduler Connection component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability can result in an attacker gaining access to the victim\u2019s FTP server at the privilege level of the victim.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T18:06:15",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35495"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 7.2.1 and below update to version 7.2.2 or later\nTIBCO JasperReports Server versions 7.5.0 and 7.5.1 update to version 7.5.2 or later\nTIBCO JasperReports Server version 7.8.0 update to version 7.8.1 or later\nTIBCO JasperReports Server version 7.9.0 update to version 7.9.1 or later\nTIBCO JasperReports Server - Community Edition versions 7.8.0 and below update to version 7.8.1 or later\nTIBCO JasperReports Server - Developer Edition versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for Microsoft Azure version 7.8.0 update to version 7.9.1 or later"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO JasperReports FTP Password exposed",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-10-12T17:00:00Z",
"ID": "CVE-2021-35495",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports FTP Password exposed"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.2.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.5.0"
},
{
"version_affected": "=",
"version_value": "7.5.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.8.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.9.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server - Community Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.8.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server - Developer Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.9.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.9.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.9.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.8.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Scheduler Connection component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability can result in an attacker gaining access to the victim\u2019s FTP server at the privilege level of the victim."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35495",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35495"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 7.2.1 and below update to version 7.2.2 or later\nTIBCO JasperReports Server versions 7.5.0 and 7.5.1 update to version 7.5.2 or later\nTIBCO JasperReports Server version 7.8.0 update to version 7.8.1 or later\nTIBCO JasperReports Server version 7.9.0 update to version 7.9.1 or later\nTIBCO JasperReports Server - Community Edition versions 7.8.0 and below update to version 7.8.1 or later\nTIBCO JasperReports Server - Developer Edition versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for Microsoft Azure version 7.8.0 update to version 7.9.1 or later"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-35495",
"datePublished": "2021-10-12T17:35:12.623465Z",
"dateReserved": "2021-06-24T00:00:00",
"dateUpdated": "2024-09-16T18:12:56.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-9410
Vulnerability from cvelistv5
Published
2020-05-20 12:25
Modified
2024-09-16 19:24
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Library
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Library |
Version: unspecified < Version: 7.2.0 Version: 7.2.1 Version: 7.3.0 Version: 7.5.0 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Library",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.5.0"
}
]
},
{
"product": "TIBCO JasperReports Library for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.5.0"
}
]
},
{
"product": "TIBCO JasperReports Server for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The report generator component of TIBCO Software Inc.\u0027s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an attacker to exploit HTML injection to gain full control of a web interface containing the output of the report generator component with the privileges of any user that views the affected report(s). The attacker can theoretically exploit this vulnerability when other users view a maliciously generated report, where those reports use Fusion Charts and a data source with contents controlled by the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Library: versions 7.1.1 and below, versions 7.2.0 and 7.2.1, version 7.3.0, version 7.5.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions 7.1.1 and below, TIBCO JasperReports Server: versions 7.1.1 and below, version 7.2.0, version 7.5.0, TIBCO JasperReports Server for AWS Marketplace: versions 7.5.0 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility that an attacker could gain full control of the web interface displaying a generated report. Since the TIBCO JasperReports Library is used to generate reports as a component of web interfaces, the theoretical impact of this vulnerability is that the attacker can obtain the privileges of the highest privileged owner that views a maliciously generated report.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T21:15:05",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Library versions 7.1.1 and below update to version 7.1.3 or higher\nTIBCO JasperReports Library versions 7.2.0 and 7.2.1 update to version 7.2.2 or higher\nTIBCO JasperReports Library version 7.3.0 update to version 7.3.1 or higher\nTIBCO JasperReports Library version 7.5.0 update to version 7.5.1 or higher\nTIBCO JasperReports Library for ActiveMatrix BPM versions 7.1.1 and below update to version 7.1.3 or higher\nTIBCO JasperReports Server versions 7.1.1 and below update to version 7.1.3 or higher\nTIBCO JasperReports Server version 7.2.0 update to version 7.2.1 or higher\nTIBCO JasperReports Server version 7.5.0 update to version 7.5.1 or higher\nTIBCO JasperReports Server for AWS Marketplace versions 7.5.0 and below update to version 7.5.1 or higher\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.1.1 and below update to version 7.1.3 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO JasperReports Library",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2020-05-19T17:00:00Z",
"ID": "CVE-2020-9410",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Library"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Library",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "=",
"version_value": "7.2.1"
},
{
"version_affected": "=",
"version_value": "7.3.0"
},
{
"version_affected": "=",
"version_value": "7.5.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Library for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.1.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "=",
"version_value": "7.5.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.5.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.1.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The report generator component of TIBCO Software Inc.\u0027s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an attacker to exploit HTML injection to gain full control of a web interface containing the output of the report generator component with the privileges of any user that views the affected report(s). The attacker can theoretically exploit this vulnerability when other users view a maliciously generated report, where those reports use Fusion Charts and a data source with contents controlled by the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Library: versions 7.1.1 and below, versions 7.2.0 and 7.2.1, version 7.3.0, version 7.5.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions 7.1.1 and below, TIBCO JasperReports Server: versions 7.1.1 and below, version 7.2.0, version 7.5.0, TIBCO JasperReports Server for AWS Marketplace: versions 7.5.0 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility that an attacker could gain full control of the web interface displaying a generated report. Since the TIBCO JasperReports Library is used to generate reports as a component of web interfaces, the theoretical impact of this vulnerability is that the attacker can obtain the privileges of the highest privileged owner that views a maliciously generated report."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Library versions 7.1.1 and below update to version 7.1.3 or higher\nTIBCO JasperReports Library versions 7.2.0 and 7.2.1 update to version 7.2.2 or higher\nTIBCO JasperReports Library version 7.3.0 update to version 7.3.1 or higher\nTIBCO JasperReports Library version 7.5.0 update to version 7.5.1 or higher\nTIBCO JasperReports Library for ActiveMatrix BPM versions 7.1.1 and below update to version 7.1.3 or higher\nTIBCO JasperReports Server versions 7.1.1 and below update to version 7.1.3 or higher\nTIBCO JasperReports Server version 7.2.0 update to version 7.2.1 or higher\nTIBCO JasperReports Server version 7.5.0 update to version 7.5.1 or higher\nTIBCO JasperReports Server for AWS Marketplace versions 7.5.0 and below update to version 7.5.1 or higher\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.1.1 and below update to version 7.1.3 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2020-9410",
"datePublished": "2020-05-20T12:25:13.466596Z",
"dateReserved": "2020-02-26T00:00:00",
"dateUpdated": "2024-09-16T19:24:39.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41562
Vulnerability from cvelistv5
Published
2022-12-15 03:44
Modified
2024-09-16 22:01
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Server XSS Issue on Roles
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: unspecified < |
||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:41.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41562"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.1.0"
}
]
},
{
"product": "TIBCO JasperReports Server - Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server - Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.1.0"
}
]
},
{
"product": "TIBCO JasperReports Server for Microsoft Azure",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for Microsoft Azure",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.1.0"
}
]
}
],
"datePublic": "2022-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTML escaping component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute an XSS attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability can result in unauthorized read, update, insert or delete access to JasperReports Server and hang or frequently repeatable crash (complete DOS) of the affected system. This vulnerability can allow the attacker to exploit associated resources other than the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41562"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server - Community Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server - Developer Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for AWS Marketplace version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server for Microsoft Azure versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for Microsoft Azure version 8.1.0: update to version 8.1.1 or later"
}
],
"source": {
"discovery": ""
},
"title": "TIBCO JasperReports Server XSS Issue on Roles"
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-41562",
"datePublished": "2022-12-15T03:44:03.964951Z",
"dateReserved": "2022-09-26T00:00:00",
"dateUpdated": "2024-09-16T22:01:43.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18808
Vulnerability from cvelistv5
Published
2019-03-07 22:00
Modified
2024-09-16 19:46
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Server Privilege Escalation Via Race Condition
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_MISC | |
| https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-18808 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/107350 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: unspecified < Version: 6.4.0 Version: 6.4.1 Version: 6.4.2 Version: 6.4.3 Version: 7.1.0 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-18808"
},
{
"name": "107350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107350"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.1"
},
{
"status": "affected",
"version": "6.4.2"
},
{
"status": "affected",
"version": "6.4.3"
},
{
"status": "affected",
"version": "7.1.0"
}
]
},
{
"product": "TIBCO JasperReports Server Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The domain management component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a race-condition vulnerability that may allow any users with domain save privileges to gain superuser privileges. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility of gaining system admin access to the JasperReports Server process.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-12T09:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-18808"
},
{
"name": "107350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107350"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher\nTIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher\n\nTIBCO JasperReports Server Community Edition versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below update to version 7.1.1 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO JasperReports Server Privilege Escalation Via Race Condition",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-03-06T17:00:00.000Z",
"ID": "CVE-2018-18808",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server Privilege Escalation Via Race Condition"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.3.4"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "6.4.3"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.3"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The domain management component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a race-condition vulnerability that may allow any users with domain save privileges to gain superuser privileges. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility of gaining system admin access to the JasperReports Server process."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-18808",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-18808"
},
{
"name": "107350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107350"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher\nTIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher\n\nTIBCO JasperReports Server Community Edition versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below update to version 7.1.1 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-18808",
"datePublished": "2019-03-07T22:00:00Z",
"dateReserved": "2018-10-29T00:00:00",
"dateUpdated": "2024-09-16T19:46:17.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41561
Vulnerability from cvelistv5
Published
2022-12-15 03:44
Modified
2024-09-17 02:05
Severity ?
EPSS score ?
Summary
TIBCO JasperReports Server RCE Vulnerability
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: unspecified < |
||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:41.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.1.0"
}
]
},
{
"product": "TIBCO JasperReports Server - Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server - Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.1.0"
}
]
},
{
"product": "TIBCO JasperReports Server for Microsoft Azure",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO JasperReports Server for Microsoft Azure",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "8.1.0"
}
]
}
],
"datePublic": "2022-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JNDI Data Sources component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute Remote Code Execution to obtain a reverse shell on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability can result in an attacker gaining full user access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41561"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server - Community Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server - Developer Edition versions 8.1.0 and below: update to version 8.1.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for AWS Marketplace version 8.1.0: update to version 8.1.1 or later\nTIBCO JasperReports Server for Microsoft Azure versions 8.0.2 and below: update to version 8.0.3 or later\nTIBCO JasperReports Server for Microsoft Azure version 8.1.0: update to version 8.1.1 or later"
}
],
"source": {
"discovery": ""
},
"title": "TIBCO JasperReports Server RCE Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-41561",
"datePublished": "2022-12-15T03:44:03.964951Z",
"dateReserved": "2022-09-26T00:00:00",
"dateUpdated": "2024-09-17T02:05:41.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5532
Vulnerability from cvelistv5
Published
2017-11-15 21:00
Modified
2024-09-16 20:48
Severity ?
EPSS score ?
Summary
TIBCO JasperReports persistent cross site scripting
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-2017-5532 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101873 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO JasperReports Server |
Version: 6.2.3 and below Version: 6.3.0 Version: 6.3.1 Version: 6.3.2 Version: 6.4.0 |
||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-2017-5532"
},
{
"name": "101873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101873"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO JasperReports Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.2.3 and below"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.3.2"
},
{
"status": "affected",
"version": "6.4.0"
}
]
},
{
"product": "TIBCO JasperReports Server Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.4.0 and below"
}
]
},
{
"product": "TIBCO JasperReports Server for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.4.0 and below"
}
]
},
{
"product": "TIBCO JasperReports Library",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.2.3 and below"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.3.2"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.1"
}
]
},
{
"product": "TIBCO JasperReports Library for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.4.1 and below"
}
]
},
{
"product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.4.0 and below"
}
]
},
{
"product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.4.0 and below"
}
]
},
{
"product": "TIBCO Jaspersoft Studio",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.2.3 and below"
},
{
"status": "affected",
"version": "6.3.0"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.3.2"
},
{
"status": "affected",
"version": "6.4.0"
}
]
},
{
"product": "TIBCO Jaspersoft Studio for ActiveMatrix BPM",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "6.4.0 and below"
}
]
}
],
"datePublic": "2017-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility that a malicious user can gain access to a more privileged account.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-18T10:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-2017-5532"
},
{
"name": "101873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101873"
}
],
"title": "TIBCO JasperReports persistent cross site scripting",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2017-11-17T17:00:00.000Z",
"ID": "CVE-2017-5532",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports persistent cross site scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_value": "6.2.3 and below"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.3.1"
},
{
"version_value": "6.3.2"
},
{
"version_value": "6.4.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
{
"version_value": "6.4.0 and below"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_value": "6.4.0 and below"
}
]
}
},
{
"product_name": "TIBCO JasperReports Library",
"version": {
"version_data": [
{
"version_value": "6.2.3 and below"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.3.1"
},
{
"version_value": "6.3.2"
},
{
"version_value": "6.4.0"
},
{
"version_value": "6.4.1"
}
]
}
},
{
"product_name": "TIBCO JasperReports Library for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_value": "6.4.1 and below"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
{
"version_value": "6.4.0 and below"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
{
"version_value": "6.4.0 and below"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Studio",
"version": {
"version_data": [
{
"version_value": "6.2.3 and below"
},
{
"version_value": "6.3.0"
},
{
"version_value": "6.3.1"
},
{
"version_value": "6.3.2"
},
{
"version_value": "6.4.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Studio for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_value": "6.4.0 and below"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility that a malicious user can gain access to a more privileged account."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-2017-5532",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-2017-5532"
},
{
"name": "101873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101873"
}
]
},
"solution": "TIBCO has released updated versions of the affected components which address these issues.\n\nFor each affected system, update to the corresponding software versions:\n\n TIBCO JasperReports Server versions 6.2.X update to version 6.2.4 or higher\n TIBCO JasperReports Server versions 6.3.X update to version 6.3.3 or higher\n TIBCO JasperReports Server version 6.4.0 update to version 6.4.2 or higher\n\n TIBCO JasperReports Server Community Edition versions 6.4.0 and below update to version 6.4.2 or higher\n\n TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.0 and below update to version 6.4.2 or higher\n\n TIBCO JasperReports Library versions 6.2.X update to version 6.2.4 or higher\n TIBCO JasperReports Library versions 6.3.X update to version 6.3.3 or higher\n TIBCO JasperReports Library versions 6.4.X update to version 6.4.2 or higher\n\n TIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.X update to version 6.4.2\n\n TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.0 and below update to version 6.4.2 or higher\n \n TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.0 and below update to version 6.4.2 or higher\n\n TIBCO Jaspersoft Studio versions 6.2.X update to version 6.2.4\n TIBCO Jaspersoft Studio versions 6.3.X update to version 6.3.3\n TIBCO Jaspersoft Studio version 6.4.0 update to version 6.4.2\n \n TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 update to version 6.4.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2017-5532",
"datePublished": "2017-11-15T21:00:00Z",
"dateReserved": "2017-01-19T00:00:00",
"dateUpdated": "2024-09-16T20:48:07.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}