  • TIBCO Security Advisory: April 9, 2024 - TIBCO JasperReports Server - CVE-2024-3324

    TIBCO JasperReports Server Insecure Direct Object References (IDOR) Vulnerability 

    Original release date: April 9, 2023
    Last revised: ---
    Source: TIBCO Software Inc.

    Product(s) Affected

    • TIBCO JasperReports Server versions 8.0.4 and below
    • TIBCO JasperReports Server versions 8.2.0 and below

    Component Affected:

    Multi-Tenancy Role based access


    The component listed above contains an insecure direct object reference vulnerability: objects are accessed directly based on user-supplied input, so an attacker can bypass authorization and reach resources by modifying the value of a parameter that points directly to an object. If exploited, this vulnerability allows malicious interaction with the web application through manipulation of a database key, query parameter, or filename.


    If an affected user is a privileged administrator, successful exploitation of this vulnerability can result in an attacker bypassing authentication mechanisms. This can result in elevated privileges that grant unauthorized access to sensitive information and the ability to alter data.
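
    A minimal model of the flaw class described above, added here as an illustration: a lookup that trusts the supplied id, beside one that authorizes the caller against the resolved object's tenant and role. It is not TIBCO code and does not reflect JasperReports Server internals; the types, tenant names, role names and resource ids are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    tenant: str
    roles: frozenset

@dataclass(frozen=True)
class Resource:
    tenant: str
    required_role: str
    body: str

# Constructed sample repository shared by two tenants (all values hypothetical).
REPO = {
    101: Resource("org_a", "user", "org_a sales report"),
    202: Resource("org_b", "admin", "org_b data source settings"),
}

class AccessDenied(Exception):
    pass

def get_insecure(user, resource_id):
    # IDOR: the caller-supplied id alone selects the object; `user` is ignored.
    return REPO[resource_id]

def get_checked(user, resource_id):
    # Resolve the id, then authorize the caller against the resolved object.
    # A role only counts inside the caller's own tenant, so both are checked.
    res = REPO.get(resource_id)
    # Missing and forbidden ids raise the same error to avoid id enumeration.
    if res is None or res.tenant != user.tenant or res.required_role not in user.roles:
        raise AccessDenied(f"resource {resource_id} is not available")
    return res

def reachable(lookup, user, ids):
    # Ids that `lookup` would return to `user`; usable as an authorization test.
    found = []
    for rid in ids:
        try:
            lookup(user, rid)
            found.append(rid)
        except (AccessDenied, KeyError):
            pass
    return found

if __name__ == "__main__":
    admin_a = User("org_a", frozenset({"user", "admin"}))
    for fn in (get_insecure, get_checked):
        print(fn.__name__, reachable(fn, admin_a, [101, 202, 303]))
```

    The org_a administrator holds the role that resource 202 requires, so a role-only check would still hand over org_b's object; the tenant comparison is what closes the gap.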

    CVSS v3 Base Score: 5.5 (Medium)
    CVSS v3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N


    • Upgrade TIBCO JasperReports Server versions below 8.0.4 to 8.0.4 with the latest hotfix
    • Upgrade TIBCO JasperReports Server versions below 8.2.0 to 8.2.0 with the latest hotfix


