CVE-2011-1911

JasperReports Server Community Project <3.7.1 - CSRF

Title source: llm
STIX 2.1

Description

JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69849
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/519588
US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/MAPG-8ELLJC
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49649

Scores

EPSS 0.0149
EPSS Percentile 71.1%

Details

CWE
CWE-352
Status published
Products (2)
jasperforge/jasperreports_server_community_project 3.7.0
jasperforge/jasperreports_server_community_project 3.7.1
Published Sep 20, 2011
Tracked Since Feb 18, 2026