CVE-2018-5429

Name of the Vulnerable Software and Affected Versions TIBCO JasperReports Server versions up to and including 6.4.2 TIBCO JasperReports Server Community Edition versions up to and including 6.4.2 TIBCO JasperReports Server for ActiveMatrix BPM versions up to and including 6.4.2 TIBCO JasperReports Library versions up to and including 6.4.2 TIBCO JasperReports Library Community Edition versions up to and including 6.4.3 TIBCO JasperReports Library for ActiveMatrix BPM versions up to and including 6.4.2 TIBCO Jaspersoft for AWS with Multi-Tenancy versions up to and including 6.4.2 TIBCO Jaspersoft Reporting and Analytics for AWS versions up to and including 6.4.2 TIBCO Jaspersoft Studio versions up to and including 6.4.2 TIBCO Jaspersoft Studio Community Edition versions up to and including 6.4.3 TIBCO Jaspersoft Studio for ActiveMatrix BPM versions up to and including 6.4.2

Description A vulnerability in the report scripting component may allow analytic reports that contain scripting to perform arbitrary code execution.

Recommendations For TIBCO JasperReports Server versions up to and including 6.4.2, update to a version later than 6.4.2. For TIBCO JasperReports Server Community Edition versions up to and including 6.4.2, update to a version later than 6.4.2. For TIBCO JasperReports Server for ActiveMatrix BPM versions up to and including 6.4.2, update to a version later than 6.4.2. For TIBCO JasperReports Library versions up to and including 6.4.2, update to a version later than 6.4.2. For TIBCO JasperReports Library Community Edition versions up to and including 6.4.3, update to a version later than 6.4.3. For TIBCO JasperReports Library for ActiveMatrix BPM versions up to and including 6.4.2, update to a version later than 6.4.2. For TIBCO Jaspersoft for AWS with Multi-Tenancy versions up to and including 6.4.2, update to a version later than 6.4.2. For TIBCO Jaspersoft Reporting and Analytics for AWS versions up to and including 6.4.2, update to a version later than 6.4.2. For TIBCO Jaspersoft Studio versions up to and including 6.4.2, update to a version later than 6.4.2. For TIBCO Jaspersoft Studio Community Edition versions up to and including 6.4.3, update to a version later than 6.4.3. For TIBCO Jaspersoft Studio for ActiveMatrix BPM versions up to and including 6.4.2, update to a version later than 6.4.2.