CVE-2018-18815

Name of the Vulnerable Software and Affected Versions TIBCO JasperReports Server versions 6.4.0 through 6.4.3 and 7.1.0 TIBCO JasperReports Server Community Edition versions up to and including 7.1.0 TIBCO JasperReports Server for ActiveMatrix BPM versions up to and including 6.4.3 TIBCO Jaspersoft for AWS with Multi-Tenancy versions up to and including 7.1.0 TIBCO Jaspersoft Reporting and Analytics for AWS versions up to and including 7.1.0

Description The REST API component of the affected software contains a vulnerability that theoretically allows unauthenticated users to bypass authorization checks for portions of the HTTP interface.

Recommendations For TIBCO JasperReports Server versions 6.4.0 through 6.4.3 and 7.1.0, update to a version that includes the fix for this issue. For TIBCO JasperReports Server Community Edition versions up to and including 7.1.0, update to a version that includes the fix for this issue. For TIBCO JasperReports Server for ActiveMatrix BPM versions up to and including 6.4.3, update to a version that includes the fix for this issue. For TIBCO Jaspersoft for AWS with Multi-Tenancy versions up to and including 7.1.0, update to a version that includes the fix for this issue. For TIBCO Jaspersoft Reporting and Analytics for AWS versions up to and including 7.1.0, update to a version that includes the fix for this issue.