CVE-2018-18815

🗓️ 07 Mar 2019 22:00:00Reported by tibcoType

"Vulnerability in TIBCO JasperReports Server REST API allows unauthenticated users to bypass authorization checks

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2018-18815	8 Mar 201900:21	–	circl
Cvelist	CVE-2018-18815 TIBCO JasperReports Server User Information Disclosure	7 Mar 201922:00	–	cvelist
EUVD	EUVD-2018-10531	7 Oct 202500:30	–	euvd
NVD	CVE-2018-18815	7 Mar 201922:29	–	nvd
OSV	CVE-2018-18815	7 Mar 201922:29	–	osv
Prion	Authorization	7 Mar 201922:29	–	prion
Zero Day Initiative	Jaspersoft JasperReports Server ResourceForwardingServlet URI Improper Access Control Vulnerability	6 Mar 201900:00	–	zdi
Zero Day Initiative	Jaspersoft JasperReports Server DiagnosticDataCipherer Hard-coded Cryptographic Key Information Disclosure Vulnerability	2 Apr 201900:00	–	zdi

NVD

Node

tibco jasperreports_serverRange≤6.4.3activematrix_bpm

tibco jasperreports_serverRange≤7.1.0community

tibco jasperreports_serverMatch6.4.0

tibco jasperreports_serverMatch6.4.1

tibco jasperreports_serverMatch6.4.2

tibco jasperreports_serverMatch6.4.3

tibco jasperreports_serverMatch7.1.0

Node

tibco jaspersoftRange≤7.1.0aws_with_multi-tenancy

tibco jaspersoft_reporting_and_analyticsRange≤7.1.0aws

[
  {
    "product": "TIBCO JasperReports Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.4.0"
      },
      {
        "status": "affected",
        "version": "6.4.1"
      },
      {
        "status": "affected",
        "version": "6.4.2"
      },
      {
        "status": "affected",
        "version": "6.4.3"
      },
      {
        "status": "affected",
        "version": "7.1.0"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server Community Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.1.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server for ActiveMatrix BPM",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "6.4.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.1.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.1.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/107346
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-19-305/
tibco	www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-18815
tibco	www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809
tibco	www.tibco.com/services/support/advisories

21 Nov 2024 03:56Current

9.6High risk

Vulners AI Score9.6

CVSS 27.5

CVSS 39.8 - 10

EPSS0.00242

CWE-863