Unrated severity · NVD Advisory · Published May 20, 2020 · Updated Sep 17, 2024
TIBCO JasperReports Server Fails To Enforce Access Restrictions
CVE-2020-9409
Description
The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.
Affected products
- (no CPE) range: <=7.1.1
- (no CPE) range: unspecified
- Range: <=7.1.1
- Range: <=7.1.1
References
- www.tibco.com/services/support/advisories (mitre, x_refsource_CONFIRM)
- www.oracle.com/security-alerts/cpuoct2020.html (mitre, x_refsource_MISC)