Original release date: March 15, 2022
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed above contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system.
Impact
The impact of this vulnerability includes the theoretical possibility that a web server using the provided DefaultWebResourceHandler could expose details of the host system. The disclosed data could include credentials to access other systems.
CVSS v3 Base Score: 9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Products Affected
TIBCO JasperReports Library version 7.9.0
TIBCO JasperReports Library for ActiveMatrix BPM version 7.9.0
TIBCO JasperReports Server versions 7.9.0 and 7.9.1
TIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and 7.9.1
TIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and 7.9.1
TIBCO JasperReports Server for Microsoft Azure version 7.9.1
The following component is affected:
* Server
Resolution
TIBCO has released updated versions of the affected systems which address this issue:
TIBCO JasperReports Library version 7.9.0: update to version 7.9.2 or later
TIBCO JasperReports Library for ActiveMatrix BPM version 7.9.0: update to version 7.9.2 or later
TIBCO JasperReports Server versions 7.9.0 and 7.9.1: update to version 7.9.2 or later
TIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and 7.9.1: update to version 7.9.2 or later
TIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and 7.9.1: update to version 7.9.2 or later
TIBCO JasperReports Server for Microsoft Azure version 7.9.1: update to version 7.9.2 or later