CVE-2020-9409

Summary

The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO JasperReports Serverunspecified <= 7.1.1affected
TIBCO Software Inc.TIBCO JasperReports Server for AWS Marketplaceunspecified <= 7.1.1affected
TIBCO Software Inc.TIBCO JasperReports Server for ActiveMatrix BPMunspecified <= 7.1.1affected

Weaknesses

  • The impact of this vulnerability includes the possibility that an unauthenticated user obtains JasperReports Server "superuser" permission, and further might be able to execute arbitrary code with the system account that started the affected component.

ADP Enrichment

CVE Program Container

Additional References

References