  • TIBCO Security Advisory: April 9, 2024 - TIBCO JasperReports Server - CVE-2024-3323

    TIBCO JasperReports Server Reflected Cross Site Scripting (XSS) vulnerability 

    Original release date: April 9, 2024
    Last revised: ---
    Source: TIBCO Software Inc.

    Product(s) Affected

    • TIBCO JasperReports Server versions 8.0.4 and below
    • TIBCO JasperReports Server versions 8.2.0 and below

    Component Affected:

    UI Request/Response Validation


    The component listed above contains a vulnerability that allows the injection of malicious executable scripts into the code of a trusted application. A common attack vector for this vulnerability involves sending a malicious link and enticing the user to interact with it. If the application lacks proper data sanitization, the malicious link can execute the chosen code on the affected system, which could steal the user's active session cookie.


    If an affected user is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system.

    CVSS v3 Base Score: 8.3 (High) CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L


    • TIBCO JasperReports Server versions below 8.0.4 should be upgraded to 8.0.4 with the latest hotfix
    • TIBCO JasperReports Server versions below 8.2.0 should be upgraded to 8.2.0 with the latest hotfix


