TIBCO JasperReports Server Cross Site Scripting Vulnerability
CVE-2018-5431

6.3MEDIUM

Key Information:

Vendor: Tibco
Status: Tibco Jasperreports Server; Tibco Jasperreports Server Community Edition; Tibco Jasperreports Server For Activematrix Bpm; Tibco Jaspersoft For Aws With Multi-tenancy
Vendor: CVE Published:; 17 April 2018

What is CVE-2018-5431?

The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.

Affected Version(s)

TIBCO JasperReports Server <= 6.2.4

TIBCO JasperReports Server 6.3.0

TIBCO JasperReports Server 6.3.2

References

https://www.tibco.com/support/advisories/2018/04/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2018
Vulnerability Reserved
Jan 12, 2018

Tibco

What is CVE-2018-5431?

Affected Version(s)

References

CVSS V3.1

Timeline