CVE-2022-22771

HIGH

TIBCO JasperReports Library and Server 7.9.0-7.9.1 - Path Traversal

Description

The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1.

Scores

CVSS v3 8.8
EPSS 0.0025
EPSS Percentile 48.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-22
Status published
Products (3)
tibco/jasperreports_library 7.9.0 (2 CPE variants)
tibco/jasperreports_server 7.9.0 (4 CPE variants)
tibco/jasperreports_server 7.9.1 (4 CPE variants)
Published Mar 15, 2022
Tracked Since Feb 18, 2026