TIBCO JasperReports Library Directory Traversal Vulnerability
CVE-2022-22771

9.9CRITICAL

Key Information:

Vendor: Tibco
Status: Tibco Jasperreports Library; Tibco Jasperreports Library For Activematrix Bpm; Tibco Jasperreports Server; Tibco Jasperreports Server For Aws Marketplace
Vendor: CVE Published:; 15 March 2022

Summary

The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1.

Affected Version(s)

TIBCO JasperReports Library 7.9.0

TIBCO JasperReports Library for ActiveMatrix BPM 7.9.0

TIBCO JasperReports Server 7.9.0

References

https://www.tibco.com/services/support/advisories

x_refsource_CONFIRM

https://www.tibco.com/support/advisories/2022/03/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 15, 2022
Vulnerability Reserved
Jan 7, 2022

Collectors

NVD DatabaseMitre Database