Security Advisory regarding TIBCO JasperReports Server
Article ID: KB0108079
Updated On:
| Products | Versions |
|---|---|
| TIBCO JasperReports Server | 6.3.4, 6.4.0 ,6.4.1 ,6.4.2 ,6.4.3 ,7.1.0 |
Description
TIBCO JasperReports Server Privilege Escalation Via Race Condition
Original release date: March 6, 2019
Last revised: --
Source: TIBCO Software Inc.
Description
The component listed above contains a race-condition vulnerability that may
allow any users with domain save privileges to gain superuser privileges.
Impact
The impact of this vulnerability includes the theoretical possibility
of gaining system admin access to the JasperReports Server process.
CVSS v3 Base Score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Environment
Systems Affected
TIBCO JasperReports Server versions 6.3.4 and below
TIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3
TIBCO JasperReports Server version 7.1.0
TIBCO JasperReports Server Community Edition versions 7.1.0 and below
TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below
TIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below
TIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below
The following components are affected:
* domain management
Resolution
Solution
TIBCO has released updated versions of the affected components which address
these issues.
For each affected system, update to the corresponding software versions:
TIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5
or higher
TIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to
version 6.4.4 or higher
TIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher
TIBCO JasperReports Server Community Edition versions 7.1.0 and below
update to version 7.1.1 or higher
TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below
update to version 6.4.4 or higher
TIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below
update to version 7.1.1 or higher
TIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below
update to version 7.1.1 or higher
TIBCO has released updated versions of the affected components which address
these issues.
For each affected system, update to the corresponding software versions:
TIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5
or higher
TIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to
version 6.4.4 or higher
TIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher
TIBCO JasperReports Server Community Edition versions 7.1.0 and below
update to version 7.1.1 or higher
TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below
update to version 6.4.4 or higher
TIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below
update to version 7.1.1 or higher
TIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below
update to version 7.1.1 or higher
Issue/Introduction
Security Advisory regarding TIBCO JasperReports Server
Additional Information
References
http://www.tibco.com/services/support/advisories
CVE-2018-18808
http://www.tibco.com/services/support/advisories
CVE-2018-18808
Feedback
Yes
No
Powered by
