CVE-2018-5430

HIGH KEV

TIBCO JasperReports Server - Info Disclosure

Title source: llm

Description

The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2; TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2; TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2; TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2; TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.

Exploits (1)

exploitdb WRITEUP
by Hector Monsegur · textwebappsmultiple
https://www.exploit-db.com/exploits/44623

Scores

CVSS v3 8.8
EPSS 0.4142
EPSS Percentile 97.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-12-29
VulnCheck KEV 2022-12-29
InTheWild.io 2022-12-29
ENISA EUVD EUVD-2018-17200
CWE
CWE-22 CWE-200
Status published
Products (9)
tibco/jasperreports_server 6.3.0
tibco/jasperreports_server 6.3.2
tibco/jasperreports_server 6.3.3
tibco/jasperreports_server 6.4.0
tibco/jasperreports_server 6.4.2
tibco/jasperreports_server < 6.2.4
tibco/jasperreports_server < 6.4.2 (2 CPE variants)
tibco/jaspersoft < 6.4.2
tibco/jaspersoft_reporting_and_analytics < 6.4.2
Published Apr 17, 2018
KEV Added Dec 29, 2022
Tracked Since Feb 18, 2026