CRITICAL🇬🇧 English

CVE-2020-9409

CVSS 9.8v3.1pub. 2020-05-20upd. 2024-11-21

The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oracle Retail Order Broker

    APP
    Oracle
    15.016.0
  • Tibco Jasperreports Server

    APP
    Tibco
    ≤ 7.1.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2022-41561CRITICAL9.1ten sam produkt

The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Serve...

CVE-2022-41563CRITICAL9.0ten sam produkt

The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO...

CVE-2021-35495CRITICAL9.0ten sam produkt

The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Se...

CVE-2020-10683CRITICAL9.8ten sam produkt

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might e...

CVE-2019-12419CRITICAL9.8ten sam produkt

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged O...

CVE-2020-9409 — CRITICAL 9.8 | CVEbaza.pl