CVE-2022-22771 — Path Traversal in Software INC Tibco Jasperreports Library

CWE-22 — Path Traversal4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 51.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Jasperreports Library Tibco Software INC Tibco Jasperreports Library FOR Activematrix BPM Tibco Software INC Tibco Jasperreports Server +5 more

Timeline

PublishedMar 15

Latest updateMar 16

Description

The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Libra…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5tibco_software_inc/tibco_jasperreports_server_for_microsoft_azure7.9.1

▶CVEListV5tibco_software_inc/tibco_jasperreports_server_for_activematrix_bpm7.9.0, 7.9.1+1

▶CVEListV5tibco_software_inc/tibco_jasperreports_server_for_aws_marketplace7.9.0, 7.9.1+1

▶CVEListV5tibco_software_inc/tibco_jasperreports_server7.9.0, 7.9.1+1

▶NVDtibco/jasperreports_server7.9.0, 7.9.1+1

🔴Vulnerability Details

GHSA

GHSA-g4m4-hxvm-28mq: The Server component of TIBCO Software Inc↗2022-03-16

▶

CVEList

TIBCO JasperReports Library Directory Traversal Vulnerability↗2022-03-15

▶

OSV

CVE-2022-22771: The Server component of TIBCO Software Inc↗2022-03-15

▶