ByteOS Network

CVE Vulnerability Details :

CVE-2018-18816

PUBLISHED

More Info Official Page

Assigner-tibco

Assigner Org ID-4f830c72-39e4-45f6-a99f-78cc01ae04db

Published At-07 Mar, 2019 | 22:00

Updated At-16 Sep, 2024 | 17:58

▼CVE Numbering Authority (CNA)

TIBCO JasperReports Persistent Cross Site Scripting Vulnerability

The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross site scripting vulnerability. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi- Tenancy versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.

From unspecified through 7.1.0 (custom)

Problem Types

Type	CWE ID	Description
text	N/A	The impact of this vulnerability includes the theoretical possibility that a malicious actor could gain full access to the web interface of the affected component.

Metrics

Version	Base score	Base severity	Vector
3.0	8.0	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Solutions

TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions: TIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5 or higher TIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher TIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher TIBCO JasperReports Server Community Edition versions 7.1.0 and below update to version 7.1.1 or higher TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher TIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below update to version 7.1.1 or higher TIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below update to version 7.1.1 or higher

References

Hyperlink	Resource
http://www.tibco.com/services/support/advisories	x_refsource_MISC
http://www.securityfocus.com/bid/107348	vdb-entry x_refsource_BID
https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-2018-18816	x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.tibco.com/services/support/advisories	x_refsource_MISC x_transferred
http://www.securityfocus.com/bid/107348	vdb-entry x_refsource_BID x_transferred
https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-2018-18816	x_refsource_CONFIRM x_transferred

Affected Products

Affected

Affected

Affected

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References