CRITICAL✓ PATCH🇬🇧 English

CVE-2018-18815

CVSS 10.0v3.0pub. 2019-03-07upd. 2024-11-21

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability that theoretically allows unauthenticated users to bypass authorization checks for portions of the HTTP interface to the JasperReports Server. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Tibco Jasperreports Server

    APP
    Tibco
    6.4.06.4.16.4.26.4.37.1.0≤ 6.4.3≤ 7.1.0
  • Tibco Jaspersoft

    APP
    Tibco
    ≤ 7.1.0
  • Tibco Jaspersoft Reporting And Analytics

    APP
    Tibco
    ≤ 7.1.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2022-41563CRITICAL9.0ten sam produkt

The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO...

CVE-2022-41561CRITICAL9.1ten sam produkt

The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Serve...

CVE-2021-35495CRITICAL9.0ten sam produkt

The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Se...

CVE-2020-9409CRITICAL9.8ten sam produkt

The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Serve...

CVE-2017-5533CRITICAL9.3ten sam produkt

A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Communit...

CVE-2018-18815 — CRITICAL 10.0 | CVEbaza.pl