RSS   Vulnerabilities for
'Jaspersoft reporting and analytics'
   RSS

2018-04-17
 
CVE-2018-5431

CWE-79
 

 
The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.

 
 
CVE-2018-5430

CWE-22
 

 
The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3;6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.

 
 
CVE-2018-5429

CWE-264
 

 
A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2.

 
2017-11-15
 
CVE-2017-5533

CWE-284
 

 
A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0.

 
 
CVE-2017-5532

CWE-79
 

 
A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below.

 

 >>> Vendor: Tibco 95 Products
HAWK
Hawk monitoring agent
Runtime agent
Rendezvous
Smart pgm fx
Enterprise message service
Rtworks
Smartsockets rtserver
Adapter files z os
Iprocess engine
Rendezvous datasecurity
Rendezvous tx
Substantiation es
Mainframe service tracker
Smartsockets
Administrator
Activematrix businessworks service engine
Activematrix service bus
Activematrix service grid
Activematrix service performance manager
Activematrix bpm
Silver bpm service
Silver cap service
Activecatalog
Collaborative information manager
Silver businessworks service
Tibbr
Tibbr service
Iprocess workspace
Spotfire analytics server
Spotfire server
Managed file transfer command center
Managed file transfer internet server
Slingshot
Activematrix businessworks
Businessevents
Silver fabric activematrix service grid distribution
Spotfire professional
Web player automation services
Formvine
Spotfire statistics services
Spotfire web player
Silver mobile
Enterprise administrator
Enterprise administrator sdk
Messaging appliance
Analyst
Automation services
Deployment kit
Desktop
Web player
Vault
Silver fabric enabler
Spotfire deployment kit
Activematrix management agent
Activematrix policy agent
Activematrix policy manager
Silver fabric enabler for spotfire webplayer
Spotfire analyst
Spotfire analytics platform for aws
Spotfire automation services
Spotfire desktop
Spotfire desktop language packs
Rendezvous network server
Substation es
Loglogic unity
Enterprise message service appliance
Enterprise message service appliance firmware
Jasperreports server community edition
Jasperreports server for activematrix bpm
Jasperreports server
Jaspersoft for aws with multitenancy
Jaspersoft reporting and analytics for aws
Jasperreports library community edition
Jaspersoft studio for activematrix bpm
Jasperreports professional
Jaspersoft for aws with multi-tenancy
Jasperreports library for activematrix bpm
Jasperreports library
Jaspersoft
Jaspersoft reporting and analytics
Jaspersoft studio
Businessworks process monitor
Datasynapse gridserver manager
Data virtualization
Silver fabric enabler for spotfire web player
Spotfire connectors
Spotfire client
Spotfire web player client
Activematrix businessworks distribution for tibco silver fabric
Statistica server
Activespaces
Messaging - apache kafka distribution - schema repository
Rendezvous for z/linux
Rendezvous for z/os


Copyright 2019, cxsecurity.com

 

Back to Top