PT-2018-16950 · Tibco · Tibco Jasperreports Server Community Edition+4
Published
2018-04-17
·
Updated
2019-10-09
·
CVE-2018-5431
CVSS v3.1
6.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
TIBCO JasperReports Server versions up to and including 6.4.2
TIBCO JasperReports Server Community Edition versions up to and including 6.4.2
TIBCO JasperReports Server for ActiveMatrix BPM versions up to and including 6.4.2
TIBCO Jaspersoft for AWS with Multi-Tenancy versions up to and including 6.4.2
TIBCO Jaspersoft Reporting and Analytics for AWS versions up to and including 6.4.2
Description
The domain designer component contains a vulnerability that may allow persisted cross-site scripting (XSS) attacks in the context of a non-default permissions configuration.
Recommendations
For TIBCO JasperReports Server versions up to and including 6.4.2, update to a version later than 6.4.2 to resolve the issue.
For TIBCO JasperReports Server Community Edition versions up to and including 6.4.2, update to a version later than 6.4.2 to resolve the issue.
For TIBCO JasperReports Server for ActiveMatrix BPM versions up to and including 6.4.2, update to a version later than 6.4.2 to resolve the issue.
For TIBCO Jaspersoft for AWS with Multi-Tenancy versions up to and including 6.4.2, update to a version later than 6.4.2 to resolve the issue.
For TIBCO Jaspersoft Reporting and Analytics for AWS versions up to and including 6.4.2, update to a version later than 6.4.2 to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tibco Jasperreports Server
Tibco Jasperreports Server Community Edition
Tibco Jasperreports Server For Activematrix Bpm
Tibco Jaspersoft Reporting/Analytics For Aws
Tibco Jaspersoft For Aws With Multi-Tenancy