CVE-2018-18808

Name of the Vulnerable Software and Affected Versions TIBCO JasperReports Server versions up to and including 7.1.0 TIBCO JasperReports Server Community Edition versions up to and including 7.1.0 TIBCO JasperReports Server for ActiveMatrix BPM versions up to and including 6.4.3 TIBCO Jaspersoft for AWS with Multi-Tenancy versions up to and including 7.1.0 TIBCO Jaspersoft Reporting and Analytics for AWS versions up to and including 7.1.0

Description The domain management component of the affected TIBCO software products contains a race-condition issue that may allow users with domain save privileges to gain superuser privileges.

Recommendations For TIBCO JasperReports Server versions up to and including 7.1.0, update to a version later than 7.1.0 to resolve the issue. For TIBCO JasperReports Server Community Edition versions up to and including 7.1.0, update to a version later than 7.1.0 to resolve the issue. For TIBCO JasperReports Server for ActiveMatrix BPM versions up to and including 6.4.3, update to a version later than 6.4.3 to resolve the issue. For TIBCO Jaspersoft for AWS with Multi-Tenancy versions up to and including 7.1.0, update to a version later than 7.1.0 to resolve the issue. For TIBCO Jaspersoft Reporting and Analytics for AWS versions up to and including 7.1.0, update to a version later than 7.1.0 to resolve the issue.