10 matches found
CVE-2018-5430
CVE-2018-5430 affects TIBCO JasperReports Server family (including Community Edition, ActiveMatrix BPM, AWS variants) with Spring web flows information disclosure. Exploitable by any authenticated user to read-only access to the web application’s contents, including key configuration files. Affec...
CVE-2018-18809
TIBCO JasperReports Library and related JasperReports Server components are affected by a directory traversal vulnerability (CVE-2018-18809) in their default server implementations. The issue could allow web server users to access contents of the host system via specially crafted URL requests con...
CVE-2017-5528
CVE-2017-5528 affects multiple TIBCO/JasperReports Server components where authorized users may perform XSS and CSRF attacks, potentially leading to partial disclosure of sensitive information. Affected are TIBCO JasperReports Server (versions <=6.1.1, 6.2.0, 6.2.1, 6.3.0), JasperReports Serve...
CVE-2017-5532
The CVE-2017-5532 entry concerns a persistent XSS vulnerability in the report renderer component across multiple TIBCO/Jaspersoft products (JasperReports Server and related editions, JasperReports Library, AWS variants, Studio, and related ActiveMatrix BPM variants). Affected releases include Jas...
CVE-2018-18815
CVE-2018-18815 affects the REST API component of TIBCO JasperReports Server and related editions, enabling unauthenticated bypass of authorization for portions of the HTTP interface. Affected releases include JasperReports Server 6.4.0–6.4.3 and 7.1.0, Community Edition up to 7.1.0, ActiveMatrix ...
CVE-2018-18808
The CVE-2018-18808 entry describes a race-condition vulnerability in the domain management component of TIBCO JasperReports Server and related products (Server, Community Edition, ActiveMatrix BPM, AWS with Multi-Tenancy, and AWS Reporting/Analytics). Affected releases include multiple 6.x and 7....
CVE-2018-5429
CVE-2018-5429 affects multiple TIBCO JasperReports products (Server, Library, Studio and related editions) where the report scripting component may allow analytic reports with scripting to execute arbitrary code. The vulnerability is due to a flaw in the report scripting component and impacts a w...
CVE-2017-5533
CVE-2017-5533 affects TIBCO JasperReports Server family (Server, Community Edition, ActiveMatrix BPM, AWS variants) with a vulnerability in the server content cache that fails to block remote access to web application contents, including configuration files. Affected releases are 6.4.0 across the...
CVE-2018-5431
CVE-2018-5431 affects TIBCO JasperReports Server family: JasperReports Server (up to 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2), JasperReports Server Community Edition (up to 6.4.2), JasperReports Server for ActiveMatrix BPM (up to 6.4.2), TIBCO Jaspersoft for AWS with Multi-Tenancy (up to 6.4.2),...
CVE-2018-18816
The CVE-2018-18816 entry describes a persistent cross-site scripting (XSS) vulnerability in the repository component of TIBCO JasperReports/Jaspersoft products (Server, Community Edition, ActiveMatrix BPM, and AWS variants). Affected versions include: JasperReports Server up to 6.3.4; 6.4.0–6.4.3...