CVE-2018-18808 — Race Condition in Software INC Tibco Jasperreports Server

CWE-362 — Race Condition3 documents3 sources

Severity

7.5HIGHNVD

CNA8.8

EPSS

0.3%

top 43.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Jasperreports Server Tibco Software INC Tibco Jasperreports Server Community Edition Tibco Software INC Tibco Jasperreports Server FOR Activematrix BPM +5 more

Timeline

PublishedMar 7

Latest updateMay 13

Description

The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a race-condition vulnerability that may allow any users with domain save privileges to gain superuser privileges. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and includin…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5tibco_software_inc/tibco_jasperreports_server_community_editionunspecified — 7.1.0

▶CVEListV5tibco_software_inc/tibco_jasperreports_server_for_activematrix_bpmunspecified — 6.4.3

▶CVEListV5tibco_software_inc/tibco_jasperreports_serverunspecified — 6.3.4+5

▶NVDtibco/jasperreports_server6.3.4+7

▶CVEListV5tibco_software_inc/tibco_jaspersoft_for_aws_with_multi-tenancyunspecified — 7.1.0

🔴Vulnerability Details

GHSA

GHSA-85xr-j783-4jm2: The domain management component of TIBCO Software Inc↗2022-05-13

▶

CVEList

TIBCO JasperReports Server Privilege Escalation Via Race Condition↗2019-03-07

▶