  • TIBCO Security Advisory: April 9, 2024 - TIBCO JasperReports Server - CVE-2024-3323


    TIBCO JasperReports Server Reflected Cross Site Scripting (XSS) vulnerability 

    Original release date: April 9, 2024
    Last revised: ---
    CVE-2024-3323
    Source: TIBCO Software Inc.

    Product(s) Affected

    • TIBCO JasperReports Server versions 8.0.4 and below
    • TIBCO JasperReports Server versions 8.2.0 and below

    Component Affected:

    UI Request/Response Validation

    Description

    The component listed above contains a vulnerability that allows malicious executable scripts to be injected into the code of a trusted application. A common attack vector for this vulnerability involves sending a malicious link and enticing the user to interact with it. If the application lacks proper data sanitization, the malicious link can execute the chosen code on the affected system, which could steal the user's active session cookie.

    Impact

    If an affected user is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system.

    CVSS v3 Base Score: 8.3 (High)
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

    Solution

    • TIBCO JasperReports Server versions below 8.0.4: upgrade to 8.0.4 with the latest hotfix
    • TIBCO JasperReports Server versions below 8.2.0: upgrade to 8.2.0 with the latest hotfix

    References

    https://community.tibco.com/advisories
    CVE-2024-3323


