CVE-2019-8986

Опубликовано: 07 мар. 2019

Источник: nvd

CVSS3: 7.7

CVSS2: 4

EPSS Низкий

Описание

The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3.

Ссылки

http://www.tibco.com/services/support/advisories
Vendor Advisory
https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-8986
Vendor Advisory
http://www.tibco.com/services/support/advisories
Vendor Advisory
https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-8986
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:*:*:*

Версия до 6.3.4 (включая)

cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:activematrix_bpm:*:*

Версия до 6.4.3 (включая)

cpe:2.3:a:tibco:jasperreports_server:6.4.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:jasperreports_server:6.4.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:jasperreports_server:6.4.2:*:*:*:*:*:*:*

cpe:2.3:a:tibco:jasperreports_server:6.4.3:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00294

Низкий

7.7 High

CVSS3

7.7 High

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-cppw-793h-whp5

CVSS3: 7.7

github

больше 3 лет назад

EPSS

Процентиль: 52%

0.00294

Низкий

7.7 High

CVSS3

7.7 High

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo