TIBCO JasperReports Server Cross Site Scripting Vulnerability
CVE-2018-5431

6.3MEDIUM

Key Information:

Vendor: Tibco
Status: Tibco Jasperreports Server; Tibco Jasperreports Server Community Edition; Tibco Jasperreports Server For Activematrix Bpm; Tibco Jaspersoft For Aws With Multi-tenancy
Vendor: CVE Published:; 17 April 2018

Summary

The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.

Affected Version(s)

TIBCO JasperReports Server <= 6.2.4

TIBCO JasperReports Server 6.3.0

TIBCO JasperReports Server 6.3.2

References

https://www.tibco.com/support/advisories/2018/04/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 17, 2018
Vulnerability Reserved
Jan 12, 2018