Security Advisory regarding TIBCO JasperReports
Article ID: KB0108082
Updated On:
| Products | Versions |
|---|---|
| TIBCO JasperReports Server | 6.3.4 and below , 6.4.0, 6.4.1, 6.4.2, and 6.4.3, 7.1.0 |
Description
TIBCO JasperReports Persistent Cross Site Scripting Vulnerability
Original release date: March 6, 2019
Last revised: --
Source: TIBCO Software Inc.
Description
The component listed above contains a persistent cross site scripting
vulnerability.
Impact
The impact of this vulnerability includes the theoretical possibility that
a malicious actor could gain full access to the web interface of the affected
component.
CVSS v3 Base Score: 8.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
Original release date: March 6, 2019
Last revised: --
Source: TIBCO Software Inc.
Description
The component listed above contains a persistent cross site scripting
vulnerability.
Impact
The impact of this vulnerability includes the theoretical possibility that
a malicious actor could gain full access to the web interface of the affected
component.
CVSS v3 Base Score: 8.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
Issue/Introduction
Security Advisory regarding TIBCO JasperReports
Environment
Systems Affected
TIBCO JasperReports Server versions 6.3.4 and below
TIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3
TIBCO JasperReports Server version 7.1.0
TIBCO JasperReports Server Community Edition versions 7.1.0 and below
TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below
TIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below
TIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below
The following components are affected:
* repository
Resolution
Solution
TIBCO has released updated versions of the affected components which address
these issues.
For each affected system, update to the corresponding software versions:
TIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5
or higher
TIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to
version 6.4.4 or higher
TIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher
TIBCO JasperReports Server Community Edition versions 7.1.0 and below
update to version 7.1.1 or higher
TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below
update to version 6.4.4 or higher
TIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below
update to version 7.1.1 or higher
TIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below
update to version 7.1.1 or higher
TIBCO has released updated versions of the affected components which address
these issues.
For each affected system, update to the corresponding software versions:
TIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5
or higher
TIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to
version 6.4.4 or higher
TIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher
TIBCO JasperReports Server Community Edition versions 7.1.0 and below
update to version 7.1.1 or higher
TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below
update to version 6.4.4 or higher
TIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below
update to version 7.1.1 or higher
TIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below
update to version 7.1.1 or higher
Additional Information
References
http://www.tibco.com/services/support/advisories
CVE-2018-18816
Feedback
Yes
No
Powered by
