First published: Thu Mar 07 2019(Updated: )
The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3.
Credit: security@tibco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tibco Jasperreports Server | <=6.3.4 | |
Tibco Jasperreports Server | <=6.4.3 | |
Tibco Jasperreports Server | =6.4.0 | |
Tibco Jasperreports Server | =6.4.1 | |
Tibco Jasperreports Server | =6.4.2 | |
Tibco Jasperreports Server | =6.4.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-8986 is the vulnerability that affects TIBCO Software Inc.'s TIBCO JasperReports Server and TIBCO JasperReports Server for ActiveMatrix BPM.
The severity of CVE-2019-8986 is high, with a CVSS score of 7.7.
CVE-2019-8986 allows a malicious authenticated user to copy text files from the host operating system in TIBCO JasperReports Server.
TIBCO JasperReports Server versions up to and including 6.3.4 and versions up to and including 6.4.3 are affected by CVE-2019-8986.
To fix CVE-2019-8986, update TIBCO JasperReports Server to a version beyond 6.4.3.