CVE-2024-3325 - OpenCVE

Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-july-9-2024-jasperreports-server-cve-2024-3325-r4/

History

No history.

MITRE

Status: PUBLISHED

Assigner: tibco

Published: 2024-07-10T17:02:14.138Z

Updated: 2024-08-01T20:05:08.439Z

Reserved: 2024-04-04T17:01:26.198Z

Link: CVE-2024-3325

Vulnrichment

Updated: 2024-08-01T20:05:08.439Z

NVD

Status : Awaiting Analysis

Published: 2024-07-10T17:15:11.783

Modified: 2024-07-12T16:11:57.460

Link: CVE-2024-3325

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3325", "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "state": "PUBLISHED", "assignerShortName": "tibco", "dateReserved": "2024-04-04T17:01:26.198Z", "datePublished": "2024-07-10T17:02:14.138Z", "dateUpdated": "2024-08-01T20:05:08.439Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "JasperReport Servers", "vendor": "Jaspersoft", "versions": [{"lessThanOrEqual": "9.0.0", "status": "affected", "version": "8.0.4", "versionType": "Patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability in Jaspersoft JasperReport Servers.<p>This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.</p>"}], "value": "Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco", "dateUpdated": "2024-07-10T17:02:14.138Z"}, "references": [{"url": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-july-9-2024-jasperreports-server-cve-2024-3325-r4/"}], "source": {"discovery": "UNKNOWN"}, "title": "JasperReports Server Driver upload vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-269", "lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "affected": [{"vendor": "tibco", "product": "jasperreports_server", "cpes": ["cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.0.4", "status": "affected", "lessThanOrEqual": "9.0.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-10T19:38:52.601530Z", "id": "CVE-2024-3325", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T17:45:36.574Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:08.439Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-july-9-2024-jasperreports-server-cve-2024-3325-r4/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-july-9-2024-jasperreports-server-cve-2024-3325-r4/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:08.439Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3325", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-10T19:38:52.601530Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:*:*:*"], "vendor": "tibco", "product": "jasperreports_server", "versions": [{"status": "affected", "version": "8.0.4", "versionType": "custom", "lessThanOrEqual": "9.0.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-10T19:59:02.973Z"}}], "cna": {"title": "JasperReports Server Driver upload vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Jaspersoft", "product": "JasperReport Servers", "versions": [{"status": "affected", "version": "8.0.4", "versionType": "Patch", "lessThanOrEqual": "9.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-july-9-2024-jasperreports-server-cve-2024-3325-r4/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability in Jaspersoft JasperReport Servers.<p>This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.</p>", "base64": false}]}], "providerMetadata": {"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco", "dateUpdated": "2024-07-10T17:02:14.138Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3325", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:05:08.439Z", "dateReserved": "2024-04-04T17:01:26.198Z", "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "datePublished": "2024-07-10T17:02:14.138Z", "assignerShortName": "tibco"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0."}, {"lang": "es", "value": "Vulnerabilidad en Jaspersoft JasperReport Servers. Este problema afecta a JasperReport Servers: desde 8.0.4 hasta 9.0.0."}], "id": "CVE-2024-3325", "lastModified": "2024-07-12T16:11:57.460", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "security@tibco.com", "type": "Secondary"}]}, "published": "2024-07-10T17:15:11.783", "references": [{"source": "security@tibco.com", "url": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-july-9-2024-jasperreports-server-cve-2024-3325-r4/"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}