{"containers": {"cna": {"affected": [{"product": "TIBCO JasperReports Server", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "6.2.4", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "6.3.0"}, {"status": "affected", "version": "6.3.2"}, {"status": "affected", "version": "6.3.3"}, {"status": "affected", "version": "6.4.0"}, {"status": "affected", "version": "6.4.2"}]}, {"product": "TIBCO JasperReports Server Community Edition", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "6.4.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TIBCO JasperReports Server for ActiveMatrix BPM", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "6.4.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TIBCO JasperReports Library", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "6.2.4", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "6.3.0"}, {"status": "affected", "version": "6.3.2"}, {"status": "affected", "version": "6.3.3"}, {"status": "affected", "version": "6.4.0"}, {"status": "affected", "version": "6.4.1"}, {"status": "affected", "version": "6.4.2"}]}, {"product": "TIBCO JasperReports Library Community Edition", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "6.4.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TIBCO JasperReports Library for ActiveMatrix BPM", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "6.4.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TIBCO Jaspersoft for AWS with Multi-Tenancy", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "6.4.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TIBCO Jaspersoft Reporting and Analytics for AWS", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "6.4.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TIBCO Jaspersoft Studio", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "6.2.4", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "6.3.0"}, {"status": "affected", "version": "6.3.2"}, {"status": "affected", "version": "6.3.3"}, {"status": "affected", "version": "6.4.0"}, {"status": "affected", "version": "6.4.2"}]}, {"product": "TIBCO Jaspersoft Studio Community Edition", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "6.4.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TIBCO Jaspersoft Studio for ActiveMatrix BPM", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "6.4.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2018-04-17T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "The impact of this vulnerability includes the possibility of arbitrary code execution with the privileges of the operation system process that contains the affected component.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-17T17:57:01", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Library versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Library versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Library versions 6.4.0, 6.4.1, and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO JasperReports Library Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Studio versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO Jaspersoft Studio versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO Jaspersoft Studio versions 6.4.0, and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO Jaspersoft Studio Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21 or higher"}], "source": {"discovery": "UNKNOWN"}, "title": "TIBCO JasperReports Library Code Sandboxing Problem", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2018-04-17T09:00:00-07", "ID": "CVE-2018-5429", "STATE": "PUBLIC", "TITLE": "TIBCO JasperReports Library Code Sandboxing Problem"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO JasperReports Server", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "6.2.4"}, {"affected": "=", "version_affected": "=", "version_value": "6.3.0"}, {"affected": "=", "version_affected": "=", "version_value": "6.3.2"}, {"affected": "=", "version_affected": "=", "version_value": "6.3.3"}, {"affected": "=", "version_affected": "=", "version_value": "6.4.0"}, {"affected": "=", "version_affected": "=", "version_value": "6.4.2"}]}}, {"product_name": "TIBCO JasperReports Server Community Edition", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "6.4.2"}]}}, {"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "6.4.2"}]}}, {"product_name": "TIBCO JasperReports Library", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "6.2.4"}, {"affected": "=", "version_affected": "=", "version_value": "6.3.0"}, {"affected": "=", "version_affected": "=", "version_value": "6.3.2"}, {"affected": "=", "version_affected": "=", "version_value": "6.3.3"}, {"affected": "=", "version_affected": "=", "version_value": "6.4.0"}, {"affected": "=", "version_affected": "=", "version_value": "6.4.1"}, {"affected": "=", "version_affected": "=", "version_value": "6.4.2"}]}}, {"product_name": "TIBCO JasperReports Library Community Edition", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "6.4.3"}]}}, {"product_name": "TIBCO JasperReports Library for ActiveMatrix BPM", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "6.4.2"}]}}, {"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "6.4.2"}]}}, {"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "6.4.2"}]}}, {"product_name": "TIBCO Jaspersoft Studio", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "6.2.4"}, {"affected": "=", "version_affected": "=", "version_value": "6.3.0"}, {"affected": "=", "version_affected": "=", "version_value": "6.3.2"}, {"affected": "=", "version_affected": "=", "version_value": "6.3.3"}, {"affected": "=", "version_affected": "=", "version_value": "6.4.0"}, {"affected": "=", "version_affected": "=", "version_value": "6.4.2"}]}}, {"product_name": "TIBCO Jaspersoft Studio Community Edition", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "6.4.3"}]}}, {"product_name": "TIBCO Jaspersoft Studio for ActiveMatrix BPM", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "6.4.2"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of this vulnerability includes the possibility of arbitrary code execution with the privileges of the operation system process that contains the affected component."}]}]}, "references": {"reference_data": [{"name": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429", "refsource": "CONFIRM", "url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Library versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Library versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Library versions 6.4.0, 6.4.1, and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO JasperReports Library Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Studio versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO Jaspersoft Studio versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO Jaspersoft Studio versions 6.4.0, and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO Jaspersoft Studio Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21 or higher"}], "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:33:44.416Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2018-5429", "datePublished": "2018-04-17T18:00:00Z", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-09-17T00:32:19.534Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "83D3533B-42CF-400B-A9E2-94302E009201", "versionEndIncluding": "6.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:activematrix_bpm:*:*", "matchCriteriaId": "F8B7F2D6-580E-490B-83F5-56F76F125BA9", "versionEndIncluding": "6.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:community:*:*:*", "matchCriteriaId": "41D39313-991B-43DD-B830-06BE226E3FF6", "versionEndIncluding": "6.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_server:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8FF00ED7-2B4C-4043-A061-84ADFB785C92", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_server:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0B0408C-9F3F-48A7-A8B4-379B90557E95", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_server:6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D32E717A-31B1-4415-B6B9-E39FAC38E756", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_server:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B714B874-89AD-49AD-8B8D-2EEDF6804E1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_server:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A7A9802-61F8-45AC-B5C5-82521DF50B4F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:jasperreports_library:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ADDCC84-2AB8-4759-A83C-53E31C2B4C44", "versionEndIncluding": "6.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_library:*:*:*:*:*:activematrix_bpm:*:*", "matchCriteriaId": "2D6E1EDB-11E7-4F2F-AD02-8CF21C721E83", "versionEndIncluding": "6.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_library:*:*:*:*:community:*:*:*", "matchCriteriaId": "7A3B8FD1-6251-474E-8481-BF30ECF52284", "versionEndIncluding": "6.4.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_library:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDEEB975-7721-436C-A8EF-62C91A67D5E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_library:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A77C998E-10BD-49CE-AA25-57D24DE782B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_library:6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3C4051E7-D4F9-4285-A7E2-BC0BA45365AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_library:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E28FF909-232C-4C5E-981D-BD5438FD0D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_library:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "29FE5644-D4B9-404D-9169-2AAF87721234", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jasperreports_library:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "15FC0C65-B16F-402F-B5D9-10F4EE2C06FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:jaspersoft:*:*:*:*:*:aws_with_multi-tenancy:*:*", "matchCriteriaId": "E45760CC-1126-49FA-B86F-1DBEB379F4D4", "versionEndIncluding": "6.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jaspersoft_reporting_and_analytics:*:*:*:*:*:aws:*:*", "matchCriteriaId": "9B604288-1622-4FA1-B48B-9F11EB1C3140", "versionEndIncluding": "6.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:jaspersoft_studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "9012FB6C-09B5-4E7E-93FA-07EEFD412DFD", "versionEndIncluding": "6.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jaspersoft_studio:*:*:*:*:*:activematrix_bpm:*:*", "matchCriteriaId": "6E46934C-3A07-4478-91D3-2374848B9637", "versionEndIncluding": "6.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jaspersoft_studio:*:*:*:*:community:*:*:*", "matchCriteriaId": "B67854F9-91AC-430D-BC18-A804E844B2E6", "versionEndIncluding": "6.4.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jaspersoft_studio:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "40D22C6F-FF80-4154-AC3D-2D27987E7ACC", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jaspersoft_studio:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EEE165BF-269E-4964-8051-1AE06A911851", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jaspersoft_studio:6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "15556DBC-8987-4121-AB6E-F1E70E47CA2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jaspersoft_studio:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5D48582-55FC-4D7F-8B01-A649A19A1E9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:jaspersoft_studio:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "098D98D0-1C9E-4F04-9F80-2BBA485CA9D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2."}, {"lang": "es", "value": "Una vulnerabilidad en el componente de scripting de informes en TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition y TIBCO Jaspersoft Studio for ActiveMatrix BPM, de TIBCO Software Inc., podr\u00eda permitir que informes anal\u00edticos que contengan scripting realicen ejecuci\u00f3n de c\u00f3digo arbitrario. Las versiones afectadas incluyen a TIBCO JasperReports Server: versiones hasta e incluyendo la 6.2.4, 6.3.0, 6.3.2, 6.3.3, 6.4.0 y 6.4.2; TIBCO JasperReports Server Community Edition: versiones hasta e incluyendo la 6.4.2; TIBCO JasperReports Server for ActiveMatrix BPM: versiones hasta e incluyendo la 6.4.2; TIBCO JasperReports Library: versiones hasta e incluyendo la 6.2.4, 6.3.0, 6.3.2, 6.3.3, 6.4.0, 6.4.1 y 6.4.2; TIBCO JasperReports Library Community Edition: versiones hasta e incluyendo la 6.4.3; TIBCO JasperReports Library for ActiveMatrix BPM: versiones hasta e incluyendo la 6.4.2; TIBCO Jaspersoft for AWS with Multi-Tenancy: versiones hasta e incluyendo la 6.4.2; TIBCO Jaspersoft Reporting and Analytics for AWS: versiones hasta e incluyendo la 6.4.2; TIBCO Jaspersoft Studio: versiones hasta e incluyendo la 6.2.4, 6.3.0, 6.3.2, 6.3.3, 6.4.0 y 6.4.2; TIBCO Jaspersoft Studio Community Edition: versiones hasta e incluyendo la 6.4.3; TIBCO Jaspersoft Studio for ActiveMatrix BPM: versiones hasta e incluyendo la 6.4.2, de TIBCO Software Inc."}], "id": "CVE-2018-5429", "lastModified": "2024-11-21T04:08:47.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@tibco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-17T18:29:00.213", "references": [{"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}