CVE-2020-9409
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO JasperReports Server | unspecified <= 7.1.1 | affected |
| TIBCO Software Inc. | TIBCO JasperReports Server for AWS Marketplace | unspecified <= 7.1.1 | affected |
| TIBCO Software Inc. | TIBCO JasperReports Server for ActiveMatrix BPM | unspecified <= 7.1.1 | affected |
Weaknesses
- The impact of this vulnerability includes the possibility that an unauthenticated user obtains JasperReports Server "superuser" permission, and further might be able to execute arbitrary code with the system account that started the affected component.
ADP Enrichment
CVE Program Container
Additional References
- http://www.tibco.com/services/support/advisories
- https://www.oracle.com/security-alerts/cpuoct2020.html
References
- http://www.tibco.com/services/support/advisories
- https://www.oracle.com/security-alerts/cpuoct2020.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.