First published: Thu Mar 07 2019(Updated: )
The SOAP API component of TIBCO Software Inc.'s TIBCO JasperReports Server and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3, and TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3.
Credit: security@tibco.com
Affected Software | Affected Version | How to fix
---|---|---
TIBCO JasperReports Server | <=6.3.4 | Update to 6.3.5 or higher
TIBCO JasperReports Server | <=6.4.3 | Update to 6.4.4 or higher
TIBCO JasperReports Server | =6.4.0 | Update to 6.4.4 or higher
TIBCO JasperReports Server | =6.4.1 | Update to 6.4.4 or higher
TIBCO JasperReports Server | =6.4.2 | Update to 6.4.4 or higher
TIBCO JasperReports Server | =6.4.3 | Update to 6.4.4 or higher
TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software version:

- TIBCO JasperReports Server versions 6.3.4 and below: update to version 6.3.5 or higher
- TIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3: update to version 6.4.4 or higher
- TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below: update to version 6.4.4 or higher
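The remediation mapping above, turned into an inventory check as an added example (not code from TIBCO or the advisory): it parses an installed version string, decides whether that build falls inside the affected ranges, and returns the minimum fixed release the advisory names. Product names, host names and the sample inventory are constructed for the example.

```python
# Added example: map installed JasperReports Server builds to the fix
# release named in the CVE-2019-8986 advisory. Not vendor code.
from typing import Iterable, Iterator, Optional, Tuple

JRS = "TIBCO JasperReports Server"
JRS_BPM = "TIBCO JasperReports Server for ActiveMatrix BPM"


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '6.4.3' (or '6.4') into a comparable 3-tuple; reject anything else."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts += ["0"] * (3 - len(parts))          # pad '6.4' to (6, 4, 0)
    return int(parts[0]), int(parts[1]), int(parts[2])


def required_fix_version(product: str, installed: str) -> Optional[str]:
    """Minimum fixed release per the advisory, or None if the build is not affected."""
    v = parse_version(installed)
    if product == JRS_BPM:
        # Advisory: ActiveMatrix BPM bundle, 6.4.3 and below -> 6.4.4 or higher
        return "6.4.4" if v <= (6, 4, 3) else None
    if product == JRS:
        if v <= (6, 3, 4):                     # 6.3.4 and below -> 6.3.5 or higher
            return "6.3.5"
        if (6, 4, 0) <= v <= (6, 4, 3):        # 6.4.0 .. 6.4.3 -> 6.4.4 or higher
            return "6.4.4"
        return None                            # 6.3.5+ on 6.3 branch, or 6.4.4+
    raise ValueError(f"product not covered by this advisory: {product!r}")


def audit(inventory: Iterable[Tuple[str, str, str]]) -> Iterator[Tuple[str, str, str, str]]:
    """Yield (host, product, version, fix) for every build that still needs patching."""
    for host, product, version in inventory:
        fix = required_fix_version(product, version)
        if fix is not None:
            yield host, product, version, fix


if __name__ == "__main__":
    # Constructed sample inventory; host names are placeholders, not real systems
    sample = [
        ("reports-01", JRS, "6.3.4"),
        ("reports-02", JRS, "6.3.5"),
        ("reports-03", JRS, "6.4.2"),
        ("bpm-01", JRS_BPM, "6.4.3"),
        ("bpm-02", JRS_BPM, "6.4.4"),
    ]
    for host, product, version, fix in audit(sample):
        print(f"{host}: {product} {version} -> update to {fix} or higher")
```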
CVE-2019-8986 is the vulnerability that affects TIBCO Software Inc.'s TIBCO JasperReports Server and TIBCO JasperReports Server for ActiveMatrix BPM.
The severity of CVE-2019-8986 is high, with a CVSS score of 7.7.
CVE-2019-8986 allows a malicious authenticated user to copy text files from the host operating system in TIBCO JasperReports Server.
TIBCO JasperReports Server versions up to and including 6.3.4 and versions up to and including 6.4.3 are affected by CVE-2019-8986.
To fix CVE-2019-8986, update TIBCO JasperReports Server to a version beyond 6.4.3.