Security Advisory for TIBCO JasperReport Server
Article ID: KB0108110
Updated On:
| Products | Versions |
|---|---|
| TIBCO JasperReports Server | 6.2.4 and below, 6.3.0, 6.3.2, 6.3.3, 6.4.0, 6.4.2, Community Edition 6.4.2 and below |
Description
Description
The JasperReports Server components listed above contain a vulnerability
which may allow, in the context of a non-default permissions configuration,
persisted cross-site scripting (XSS) attacks.
Impact
The impact includes the theoretical possibility of a user performing
operations using another user's access, including administrative functions
being performed by a non-administrative user.
CVSS v3 Base Score: 6.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)
The JasperReports Server components listed above contain a vulnerability
which may allow, in the context of a non-default permissions configuration,
persisted cross-site scripting (XSS) attacks.
Impact
The impact includes the theoretical possibility of a user performing
operations using another user's access, including administrative functions
being performed by a non-administrative user.
CVSS v3 Base Score: 6.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)
Issue/Introduction
Security Advisory for TIBCO JasperReport Server
Environment
Systems Affected
TIBCO JasperReports Server versions 6.2.4 and below
TIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3
TIBCO JasperReports Server versions 6.4.0 and 6.4.2
TIBCO JasperReports Server Community Edition versions 6.4.2 and below
TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below
TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below
TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below
The following components are affected:
* domain designer
Resolution
Solution
TIBCO has released updated versions of the affected components which address
these issues.
For each affected system, update to the corresponding software versions:
TIBCO JasperReports Server versions 6.2.4 and below update to
version 6.2.5 or higher
TIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to
version 6.3.4 or higher
TIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to
version 6.4.3 or higher
TIBCO JasperReports Server Community Edition versions 6.4.2 and below
update to version 6.4.3 or higher
TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below
update to version 6.4.3 or higher
TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below
update to version 6.4.3 or higher
TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below
update to version 6.4.3 or higher
TIBCO has released updated versions of the affected components which address
these issues.
For each affected system, update to the corresponding software versions:
TIBCO JasperReports Server versions 6.2.4 and below update to
version 6.2.5 or higher
TIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to
version 6.3.4 or higher
TIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to
version 6.4.3 or higher
TIBCO JasperReports Server Community Edition versions 6.4.2 and below
update to version 6.4.3 or higher
TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below
update to version 6.4.3 or higher
TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below
update to version 6.4.3 or higher
TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below
update to version 6.4.3 or higher
Additional Information
References
http://www.tibco.com/services/support/advisories
CVE: CVE-2018-5431
http://www.tibco.com/services/support/advisories
CVE: CVE-2018-5431
Feedback
Yes
No
Powered by
