Lucene search

[email protected]CVE-2018-18809

HistoryMar 07, 2019 - 10:29 p.m.

CVE-2018-18809

2019-03-0722:29:00

CWE-22

[email protected]

web.nvd.nist.gov

464

In Wild

tibco

jasperreports

cve-2018-18809

directory traversal

security vulnerability

web server

aws

activematrix bpm

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.503 Medium

EPSS

Percentile

97.5%

JSON

The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.

Affected configurations

NVD

Node

tibcojasperreports_libraryRange≤6.4.21activematrix_bpm

tibcojasperreports_libraryRange≤6.7.0community

tibcojasperreports_libraryMatch6.3.4

tibcojasperreports_libraryMatch6.4.1

tibcojasperreports_libraryMatch6.4.2

tibcojasperreports_libraryMatch6.4.21

tibcojasperreports_libraryMatch7.1.0

tibcojasperreports_libraryMatch7.2.0

tibcojasperreports_serverRange≤6.4.3activematrix_bpm

tibcojasperreports_serverRange≤6.4.3community

tibcojasperreports_serverMatch6.3.4

tibcojasperreports_serverMatch6.4.0

tibcojasperreports_serverMatch6.4.1

tibcojasperreports_serverMatch6.4.2

tibcojasperreports_serverMatch6.4.3

tibcojasperreports_serverMatch7.1.0

tibcojasperreports_serverMatch7.1.0community

Node

tibcojaspersoftRange≤7.1.0aws_with_multi-tenancy

tibcojaspersoft_reporting_and_analyticsRange≤7.1.0aws

CPENameOperatorVersion
tibco:jasperreports_librarytibco jasperreports libraryle6.4.21
tibco:jasperreports_librarytibco jasperreports libraryle6.7.0
tibco:jasperreports_librarytibco jasperreports libraryeq6.3.4
tibco:jasperreports_librarytibco jasperreports libraryeq6.4.1
tibco:jasperreports_librarytibco jasperreports libraryeq6.4.2
tibco:jasperreports_librarytibco jasperreports libraryeq7.1.0
tibco:jasperreports_librarytibco jasperreports libraryeq7.2.0
tibco:jasperreports_servertibco jasperreports serverle6.4.3
tibco:jasperreports_servertibco jasperreports servereq6.3.4
tibco:jasperreports_servertibco jasperreports servereq6.4.0

CPE	Name	Operator	Version
tibco:jasperreports_library	tibco jasperreports library	le	6.4.21
tibco:jasperreports_library	tibco jasperreports library	le	6.7.0
tibco:jasperreports_library	tibco jasperreports library	eq	6.3.4
tibco:jasperreports_library	tibco jasperreports library	eq	6.4.1
tibco:jasperreports_library	tibco jasperreports library	eq	6.4.2
tibco:jasperreports_library	tibco jasperreports library	eq	7.1.0
tibco:jasperreports_library	tibco jasperreports library	eq	7.2.0
tibco:jasperreports_server	tibco jasperreports server	le	6.4.3
tibco:jasperreports_server	tibco jasperreports server	eq	6.3.4
tibco:jasperreports_server	tibco jasperreports server	eq	6.4.0

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "product": "TIBCO JasperReports Library",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "6.3.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "6.4.1"
      },
      {
        "status": "affected",
        "version": "6.4.2"
      },
      {
        "status": "affected",
        "version": "6.4.21"
      },
      {
        "status": "affected",
        "version": "7.1.0"
      },
      {
        "status": "affected",
        "version": "7.2.0"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Library Community Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "6.7.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Library for ActiveMatrix BPM",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "6.4.21",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "6.3.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "6.4.0"
      },
      {
        "status": "affected",
        "version": "6.4.1"
      },
      {
        "status": "affected",
        "version": "6.4.2"
      },
      {
        "status": "affected",
        "version": "6.4.3"
      },
      {
        "status": "affected",
        "version": "7.1.0"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server Community Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "6.4.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "7.1.0"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server for ActiveMatrix BPM",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "6.4.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.1.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.1.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]