6.2.4 and below, 6.3.0, 6.3.2, 6.3.3, 6.4.0, 6.4.2, Community Edition 6.4.2 and below
TIBCO JasperReports Library for ActiveMatrix BPM
6.4.2 and below
TIBCO Jaspersoft Studio
6.2.4 and below, 6.3.0, 6.3.2, 6.3.3, 6.4.0, 6.4.2
Description
The component listed above contains a vulnerability that may allow analytic reports that contain scripting to perform arbitrary code execution.
Impact
The impact of this vulnerability includes the possibility of arbitrary code execution with the privileges of the operating system process that contains the affected component.
CVSS v3 Base Score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Issue/Introduction
Security Advisory for TIBCO JasperReports Library
Environment
Systems Affected
TIBCO JasperReports Server versions 6.2.4 and below
TIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3
TIBCO JasperReports Server versions 6.4.0 and 6.4.2
TIBCO JasperReports Server Community Edition versions 6.4.2 and below
TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below
TIBCO JasperReports Library versions 6.2.4 and below
TIBCO JasperReports Library versions 6.3.0, 6.3.2, and 6.3.3
TIBCO JasperReports Library versions 6.4.0, 6.4.1, and 6.4.2
TIBCO JasperReports Library Community Edition versions 6.4.3 and below
TIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.2 and below
TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below
TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below
TIBCO Jaspersoft Studio versions 6.2.4 and below
TIBCO Jaspersoft Studio versions 6.3.0, 6.3.2, and 6.3.3
TIBCO Jaspersoft Studio versions 6.4.0 and 6.4.2
TIBCO Jaspersoft Studio Community Edition versions 6.4.3 and below
TIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.4.2 and below
The following components are affected:
* report scripting
Resolution
Solution
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions:
TIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher
TIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher
TIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher
TIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher
TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher
TIBCO JasperReports Library versions 6.2.4 and below update to version 6.2.5 or higher
TIBCO JasperReports Library versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher
TIBCO JasperReports Library versions 6.4.0, 6.4.1, and 6.4.2 update to version 6.4.21 or higher
TIBCO JasperReports Library Community Edition versions 6.4.3 and below update to version 6.5.0 or higher
TIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21
TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher
TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher
TIBCO Jaspersoft Studio versions 6.2.4 and below update to version 6.2.5 or higher
TIBCO Jaspersoft Studio versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher
TIBCO Jaspersoft Studio versions 6.4.0 and 6.4.2 update to version 6.4.21 or higher
TIBCO Jaspersoft Studio Community Edition versions 6.4.3 and below update to version 6.5.0 or higher
TIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21 or higher
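The JasperReports Library fix versions above are per release branch, so a single "is it at least 6.2.5" comparison would wrongly pass 6.3.0 or 6.4.2. The following check is an added example, not TIBCO code. It assumes the library ships as `jasperreports-<major>.<minor>.<patch>.jar`, treats every patch level below a branch's fix as affected, and uses constructed sample paths.

```python
import re

# Fixed Library releases per branch, taken from the Solution list above.
# Assumption: every patch level below the fix is affected, although the
# advisory names specific releases (for example 6.3.0, 6.3.2 and 6.3.3).
FIXED_BY_BRANCH = {(6, 2): (6, 2, 5), (6, 3): (6, 3, 4), (6, 4): (6, 4, 21)}
OLDEST_FIXED_BRANCH = (6, 2)  # "6.2.4 and below" updates to 6.2.5

# Assumed artifact naming. Companion jars such as jasperreports-fonts-*.jar
# do not match because a digit must follow the first hyphen.
JAR_RE = re.compile(r"(?:^|/)jasperreports-(\d+)\.(\d+)\.(\d+)\.jar$")

def parse_version(path):
    """Return (major, minor, patch) for a library jar path, else None."""
    m = JAR_RE.search(path)
    return tuple(int(g) for g in m.groups()) if m else None

def required_update(version):
    """Return the minimum fixed version for this branch, or None if fixed.

    The jar name does not reveal the edition: Community Edition 6.4.3 and
    below is listed as fixed in 6.5.0, not 6.4.21.
    """
    branch = version[:2]
    if branch < OLDEST_FIXED_BRANCH:
        return FIXED_BY_BRANCH[OLDEST_FIXED_BRANCH]
    if branch in FIXED_BY_BRANCH:
        fixed = FIXED_BY_BRANCH[branch]
        return fixed if version < fixed else None
    return None  # 6.5.0 and later branches

def audit(paths):
    """Map each recognised library jar path to 'ok' or the needed update."""
    findings = {}
    for path in paths:
        version = parse_version(path)
        if version is None:
            continue  # not a JasperReports Library jar
        fix = required_update(version)
        findings[path] = "update to %d.%d.%d or higher" % fix if fix else "ok"
    return findings

# Constructed sample inventory, e.g. collected from WEB-INF/lib directories.
SAMPLE = ["/srv/app1/WEB-INF/lib/jasperreports-6.3.0.jar",
          "/srv/app2/WEB-INF/lib/jasperreports-6.2.5.jar",
          "/srv/app3/WEB-INF/lib/jasperreports-6.4.3.jar",
          "/srv/app3/WEB-INF/lib/jasperreports-fonts-6.4.0.jar",
          "/srv/app4/WEB-INF/lib/jasperreports-5.6.1.jar"]

if __name__ == "__main__":
    for jar, verdict in audit(SAMPLE).items():
        print(jar, "->", verdict)
```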