CVE-2018-5429: Software INC Tibco Jasperreports Library vulnerability

6 documents, 5 sources
Severity: 8.8 HIGH (NVD)
EPSS: 0.9% (top 23.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 17, latest update May 13

Description

A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jas

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 16 packages

🔴 Vulnerability Details (3)

GHSA: GHSA-6524-6266-mqf2: A vulnerability in the report scripting component of TIBCO Software Inc (2022-05-13)
CVEList: TIBCO JasperReports Library Code Sandboxing Problem (2018-04-17)
OSV: CVE-2018-5429: A vulnerability in the report scripting component of TIBCO Software Inc (2018-04-17)

💬 Community (2)

Bugzilla: CVE-2018-5429 jasperreports: arbitrary code execution in analytic reports that contain scripting (2018-04-23)
Bugzilla: CVE-2018-5429 CVE-2018-5430 CVE-2018-5431 jasperreports: various flaws [fedora-all] (2018-04-23)
CVE-2018-5429 — HIGH severity | cvebase