admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-04-17 14:03:53 -04:00
parent 17c49620b0
commit 19e07e262b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
3 changed files with 305 additions and 308 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

273
2018/5xxx/CVE-2018-5429.json
View File

@ -1,265 +1,264 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"ID": "CVE-2018-5429",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2018-04-17T09:00:00-07",
"TITLE": "TIBCO JasperReports Library Code Sandboxing Problem"
"CVE_data_meta" : {
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2018-04-17T09:00:00-07",
"ID" : "CVE-2018-5429",
"STATE" : "PUBLIC",
"TITLE" : "TIBCO JasperReports Library Code Sandboxing Problem"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
"product_name" : "TIBCO JasperReports Server",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.2.4"
"affected" : "<=",
"version_value" : "6.2.4"
},
{
"affected": "=",
"version_value": "6.3.0"
"affected" : "=",
"version_value" : "6.3.0"
},
{
"affected": "=",
"version_value": "6.3.2"
"affected" : "=",
"version_value" : "6.3.2"
},
{
"affected": "=",
"version_value": "6.3.3"
"affected" : "=",
"version_value" : "6.3.3"
},
{
"affected": "=",
"version_value": "6.4.0"
"affected" : "=",
"version_value" : "6.4.0"
},
{
"affected": "=",
"version_value": "6.4.2"
"affected" : "=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
"product_name" : "TIBCO JasperReports Server Community Edition",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.2"
"affected" : "<=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
"product_name" : "TIBCO JasperReports Server for ActiveMatrix BPM",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.2"
"affected" : "<=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Library",
"version": {
"version_data": [
"product_name" : "TIBCO JasperReports Library",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.2.4"
"affected" : "<=",
"version_value" : "6.2.4"
},
{
"affected": "=",
"version_value": "6.3.0"
"affected" : "=",
"version_value" : "6.3.0"
},
{
"affected": "=",
"version_value": "6.3.2"
"affected" : "=",
"version_value" : "6.3.2"
},
{
"affected": "=",
"version_value": "6.3.3"
"affected" : "=",
"version_value" : "6.3.3"
},
{
"affected": "=",
"version_value": "6.4.0"
"affected" : "=",
"version_value" : "6.4.0"
},
{
"affected": "=",
"version_value": "6.4.1"
"affected" : "=",
"version_value" : "6.4.1"
},
{
"affected": "=",
"version_value": "6.4.2"
"affected" : "=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Library Community Edition",
"version": {
"version_data": [
"product_name" : "TIBCO JasperReports Library Community Edition",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.3"
"affected" : "<=",
"version_value" : "6.4.3"
}
]
}
},
{
"product_name": "TIBCO JasperReports Library for ActiveMatrix BPM",
"version": {
"version_data": [
"product_name" : "TIBCO JasperReports Library for ActiveMatrix BPM",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.2"
"affected" : "<=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
"product_name" : "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.2"
"affected" : "<=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
"product_name" : "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.2"
"affected" : "<=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Studio",
"version": {
"version_data": [
"product_name" : "TIBCO Jaspersoft Studio",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.2.4"
"affected" : "<=",
"version_value" : "6.2.4"
},
{
"affected": "=",
"version_value": "6.3.0"
"affected" : "=",
"version_value" : "6.3.0"
},
{
"affected": "=",
"version_value": "6.3.2"
"affected" : "=",
"version_value" : "6.3.2"
},
{
"affected": "=",
"version_value": "6.3.3"
"affected" : "=",
"version_value" : "6.3.3"
},
{
"affected": "=",
"version_value": "6.4.0"
"affected" : "=",
"version_value" : "6.4.0"
},
{
"affected": "=",
"version_value": "6.4.2"
"affected" : "=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Studio Community Edition",
"version": {
"version_data": [
"product_name" : "TIBCO Jaspersoft Studio Community Edition",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.3"
"affected" : "<=",
"version_value" : "6.4.3"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Studio for ActiveMatrix BPM",
"version": {
"version_data": [
"product_name" : "TIBCO Jaspersoft Studio for ActiveMatrix BPM",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.2"
"affected" : "<=",
"version_value" : "6.4.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution.\nAffected releases include TIBCO Software Inc.'s\nTIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2,\nTIBCO JasperReports Server Community Edition: versions up to and including 6.4.2,\nTIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2,\nTIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2,\nTIBCO JasperReports Library Community Edition: versions up to and including 6.4.3,\nTIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2,\nTIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2,\nTIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2,\nTIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2,\nTIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3,\nTIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2."
"lang" : "eng",
"value" : "A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of arbitrary code execution with the privileges of the operation system process that contains the affected component."
"lang" : "eng",
"value" : "The impact of this vulnerability includes the possibility of arbitrary code execution with the privileges of the operation system process that contains the affected component."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "http://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429"
"name" : "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429",
"refsource" : "CONFIRM",
"url" : "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Library versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Library versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Library versions 6.4.0, 6.4.1, and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO JasperReports Library Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Studio versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO Jaspersoft Studio versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO Jaspersoft Studio versions 6.4.0, and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO Jaspersoft Studio Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21 or higher\n"
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Library versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Library versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Library versions 6.4.0, 6.4.1, and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO JasperReports Library Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Studio versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO Jaspersoft Studio versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO Jaspersoft Studio versions 6.4.0, and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO Jaspersoft Studio Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21 or higher\n"
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

173
2018/5xxx/CVE-2018-5430.json
View File

@ -1,161 +1,160 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-04-17T16:00:00.000Z",
"ID": "CVE-2018-5430",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server Information Disclosure Vulnerability"
"CVE_data_meta" : {
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2018-04-17T16:00:00.000Z",
"ID" : "CVE-2018-5430",
"STATE" : "PUBLIC",
"TITLE" : "TIBCO JasperReports Server Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
"product_name" : "TIBCO JasperReports Server",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.2.4"
"affected" : "<=",
"version_value" : "6.2.4"
},
{
"affected": "=",
"version_value": "6.3.0"
"affected" : "=",
"version_value" : "6.3.0"
},
{
"affected": "=",
"version_value": "6.3.2"
"affected" : "=",
"version_value" : "6.3.2"
},
{
"affected": "=",
"version_value": "6.3.3"
"affected" : "=",
"version_value" : "6.3.3"
},
{
"affected": "=",
"version_value": "6.4.0"
"affected" : "=",
"version_value" : "6.4.0"
},
{
"affected": "=",
"version_value": "6.4.2"
"affected" : "=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
"product_name" : "TIBCO JasperReports Server Community Edition",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.2"
"affected" : "<=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
"product_name" : "TIBCO JasperReports Server for ActiveMatrix BPM",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.2"
"affected" : "<=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
"product_name" : "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.2"
"affected" : "<=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
"product_name" : "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.2"
"affected" : "<=",
"version_value" : "6.4.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Hector Monsegur at Rhino Security Labs for discovery of this vulnerability.\n"
"lang" : "eng",
"value" : "TIBCO would like to extend its appreciation to Hector Monsegur at Rhino Security Labs for discovery of this vulnerability.\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files.\nAffected releases include TIBCO Software Inc.'s\nTIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3;6.4.0; 6.4.2,\nTIBCO JasperReports Server Community Edition: versions up to and including 6.4.2,\nTIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2,\nTIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2,\nTIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2."
"lang" : "eng",
"value" : "The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3;6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 7.7,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "The impact includes the possible read-only access by authenticated users to web application configuration files that contain the credentials used by the server. Those credentials could then be used to affect external systems accessed by the JasperReports Server.\n"
"lang" : "eng",
"value" : "The impact includes the possible read-only access by authenticated users to web application configuration files that contain the credentials used by the server. Those credentials could then be used to affect external systems accessed by the JasperReports Server.\n"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "http://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430"
"name" : "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430",
"refsource" : "CONFIRM",
"url" : "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n"
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n"
}
],
"source": {
"discovery": "EXTERNAL"
"source" : {
"discovery" : "EXTERNAL"
}
}

167
2018/5xxx/CVE-2018-5431.json
View File

@ -1,155 +1,154 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-04-17T16:00:00.000Z",
"ID": "CVE-2018-5431",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server Cross Site Scripting Vulnerability"
"CVE_data_meta" : {
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2018-04-17T16:00:00.000Z",
"ID" : "CVE-2018-5431",
"STATE" : "PUBLIC",
"TITLE" : "TIBCO JasperReports Server Cross Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
"product_name" : "TIBCO JasperReports Server",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.2.4"
"affected" : "<=",
"version_value" : "6.2.4"
},
{
"affected": "=",
"version_value": "6.3.0"
"affected" : "=",
"version_value" : "6.3.0"
},
{
"affected": "=",
"version_value": "6.3.2"
"affected" : "=",
"version_value" : "6.3.2"
},
{
"affected": "=",
"version_value": "6.3.3"
"affected" : "=",
"version_value" : "6.3.3"
},
{
"affected": "=",
"version_value": "6.4.0"
"affected" : "=",
"version_value" : "6.4.0"
},
{
"affected": "=",
"version_value": "6.4.2"
"affected" : "=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
"product_name" : "TIBCO JasperReports Server Community Edition",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.2"
"affected" : "<=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
"product_name" : "TIBCO JasperReports Server for ActiveMatrix BPM",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.2"
"affected" : "<=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
"product_name" : "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.2"
"affected" : "<=",
"version_value" : "6.4.2"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
"product_name" : "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "6.4.2"
"affected" : "<=",
"version_value" : "6.4.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks.\nAffected releases include TIBCO Software Inc.'s\nTIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2,\nTIBCO JasperReports Server Community Edition: versions up to and including 6.4.2,\nTIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2,\nTIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2,\nTIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2."
"lang" : "eng",
"value" : "The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "The impact includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user.\n"
"lang" : "eng",
"value" : "The impact includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user.\n"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "http://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431"
"name" : "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431",
"refsource" : "CONFIRM",
"url" : "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n"
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n"
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}