TIBCO JasperReports Library 6.x < 6.3.5 / 6.4.1 / 6.4.2 / 6.4.21 / 7.1.0 / 7.2.0 Directory Traversal (CVE-2018-18809)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(171214);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/09");

  script_cve_id("CVE-2018-18809");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/01/19");

  script_name(english:"TIBCO JasperReports Library 6.x < 6.3.5 / 6.4.1 / 6.4.2 / 6.4.21 / 7.1.0 / 7.2.0 Directory Traversal (CVE-2018-18809)");

  script_set_attribute(attribute:"synopsis", value:
"A Java reporting engine library is affected by a directory traversal vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the TIBCO JasperReports Library on the remote host is 6.x < 6.3.5, 6.4.1,
6.4.2, 6.4.21, 7.1.0, or 7.2.0. It is, therefore, affected by a directory traversal vulnerability in the default server
implementation that can allow web server users to access contents of the host system.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?79c9f1d4");
  script_set_attribute(attribute:"solution", value:
"Upgrade to TIBCO JasperReports Library 6.3.5, 6.4.22, 7.1.1, or 7.2.1 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-18809");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"TIBCO JasperSoft Path Traversal");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tibco:jasperreports_library");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tibco_jasperreports_library_jar_detect.nbin");
  script_require_keys("installed_sw/JasperReports Library");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'JasperReports Library');

var constraints = [
  {'min_version':'6.0', 'fixed_version':'6.3.5'},
  {'equal':'6.4.1', 'fixed_version':'6.4.22'},
  {'equal':'6.4.2', 'fixed_version':'6.4.22'},
  {'equal':'6.4.21', 'fixed_version':'6.4.22'},
  {'equal':'6.4.1', 'fixed_version':'6.4.22'},
  {'equal':'7.1.0', 'fixed_version':'7.1.1'},
  {'equal':'7.2.0', 'fixed_version':'7.2.1'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);