The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain
The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including…
Apply updates per vendor instructions.
This vulnerability is currently on the CISA KEV list, which CISA only adds CVEs to when there is reliable evidence of active exploitation in the wild. For federal civilian agencies, BOD 22-01 requires remediation by the due date above. For everyone else, KEV is the strongest "patch immediately" signal you can get from public threat intel.
| Vendor | Product | Versions |
|---|---|---|
| TIBCO Software Inc. | TIBCO JasperReports Server | unspecified, 6.3.0, 6.3.2, 6.3.3, 6.4.0, 6.4.2 |
| TIBCO Software Inc. | TIBCO JasperReports Server Community Edition | unspecified |
| TIBCO Software Inc. | TIBCO JasperReports Server for ActiveMatrix BPM | unspecified |
| TIBCO Software Inc. | TIBCO Jaspersoft for AWS with Multi | Tenancy — unspecified |
| TIBCO Software Inc. | TIBCO Jaspersoft Reporting and Analytics for AWS | unspecified |
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection: