Vulnerability in Tibco Software Inc. Jasperreports Server
CVE-2018-5430
The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Repo…
EPSS: 0.414 (97.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.7 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.
Affected products
- Tibco Software Inc. Jasperreports Server — versions unspecified, 6.3.0, 6.3.2
- Tibco Software Inc. Jasperreports Server Community Edition — versions unspecified
- Tibco Software Inc. Jasperreports Server For Activematrix Bpm — versions unspecified
- Tibco Software Inc. Jaspersoft For Aws With Multi-tenancy — versions unspecified
- Tibco Software Inc. Jaspersoft Reporting And Analytics For Aws — versions unspecified
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Public proof-of-concept exploits
References
- 44623 (exploit, x_refsource_EXPLOIT-DB)
- rhinosecuritylabs.com/application-security/authenticated-file-read-vulnerabilit… (x_refsource_MISC)
- www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-… (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2018-5430?
- CVE-2018-5430 is a high-severity vulnerability in Tibco Software Inc. Jasperreports Server. CVSS score: 7.7/10. Published 2018-04-17.
- How severe is CVE-2018-5430?
- High severity. CVSS v3 base score is 7.7 out of 10.
- Is CVE-2018-5430 known to be exploited?
- Yes. CVE-2018-5430 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-12-29), indicating it is being actively exploited. 4 public proof-of-concept repositories are indexed.