CVE-2019-8986

Published: Mar 7, 2019Modified: Nov 21, 2024

7.7

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Exploitability: 3.1 / Impact: 4.0

Source: NVD

Description

The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3.

Affected (6)

Products: Tibco: Jasperreports Server

Tibco

1 product

Jasperreports Server

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Tibco Jasperreports Server	Up to 6.3.4
Tibco Jasperreports Server	Up to 6.4.3
Tibco Jasperreports Server	Version 6.4.0
Tibco Jasperreports Server	Version 6.4.1
Tibco Jasperreports Server	Version 6.4.2
Tibco Jasperreports Server	Version 6.4.3

References (4)

http://www.tibco.com/services/support/advisories

Source: security@tibco.com

Vendor Advisory

https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-8986

Source: security@tibco.com

Vendor Advisory

http://www.tibco.com/services/support/advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-8986

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.