CVE-2019-8986 — Software INC Tibco Jasperreports Server vulnerability

3 documents3 sources

Severity

7.7HIGHNVD

EPSS

0.3%

top 47.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Jasperreports Server Tibco Software INC Tibco Jasperreports Server FOR Activematrix BPM Tibco Jasperreports Server

Timeline

PublishedMar 7

Latest updateMay 13

Description

The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 3.1 | Impact: 4.0

Affected Packages3 packages

▶CVEListV5tibco_software_inc/tibco_jasperreports_server_for_activematrix_bpmunspecified — 6.4.3

▶CVEListV5tibco_software_inc/tibco_jasperreports_serverunspecified — 6.3.4+4

▶NVDtibco/jasperreports_server6.3.4+5

🔴Vulnerability Details

GHSA

GHSA-cppw-793h-whp5: The SOAP API component vulnerability of TIBCO Software Inc↗2022-05-13

▶

CVEList

TIBCO JasperReports Server XML Entity Expansion Vulnerability↗2019-03-07

▶