XSS in Oracle Retail_order_broker
CVE-2020-9410
The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Serv…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.051 (91.2th percentile)
CVSS v3 metric
CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N.
Affected products
- Oracle Retail_order_broker — versions 15.0, 16.0
- Tibco Jasperreports_library — versions 7.2.0, 7.2.1, 7.3.0
- Tibco Jasperreports_server — versions 7.2.0, 7.5.0
- Tibco Software Inc. Jasperreports Library — versions unspecified, 7.2.0, 7.2.1
- Tibco Software Inc. Jasperreports Library For Activematrix Bpm — versions unspecified
- Tibco Software Inc. Jasperreports Server — versions unspecified, 7.2.0, 7.5.0
- Tibco Software Inc. Jasperreports Server For Activematrix Bpm — versions unspecified
- Tibco Software Inc. Jasperreports Server For Aws Marketplace — versions unspecified
Weakness classification (CWE)
References
- security@tibco.com (x_refsource_CONFIRM, Vendor Advisory)
- security@tibco.com (Patch, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-9410?
- CVE-2020-9410 is a high-severity vulnerability in Oracle Retail_order_broker, classified under Cross-site Scripting. CVSS score: 7.3/10. Published 2020-05-20.
- How severe is CVE-2020-9410?
- High severity. CVSS v3 base score is 7.3 out of 10.