PT-2020-20641 · Tibco Software · Tibco Jasperreports Server For Aws Marketplace+2

Alexander Kornbrust · Published 2020-05-20 · Updated 2024-03-06 · CVE-2020-9409

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

TIBCO JasperReports Server versions 7.1.1 and below
TIBCO JasperReports Server for AWS Marketplace versions 7.1.1 and below
TIBCO JasperReports Server for ActiveMatrix BPM versions 7.1.1 and below

Description

The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating.

Recommendations

For TIBCO JasperReports Server versions 7.1.1 and below, update to a version above 7.1.1 to resolve the issue.
For TIBCO JasperReports Server for AWS Marketplace versions 7.1.1 and below, update to a version above 7.1.1 to resolve the issue.
For TIBCO JasperReports Server for ActiveMatrix BPM versions 7.1.1 and below, update to a version above 7.1.1 to resolve the issue.

Fix

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

BIT-JASPERREPORTS-2020-9409
CVE-2020-9409

Affected Products

Tibco Jasperreports Server
Tibco Jasperreports Server For Aws Marketplace
Tibco Jasperreports Server For Activematrix Bpm