  • TIBCO Security Advisory: April 9, 2024 - TIBCO JasperReports Server - CVE-2024-3326

    TIBCO JasperReports Server Remote Code Execution (RCE) vulnerability

    Original release date: April 09, 2024
    Last revised: ---
    Source: TIBCO Software Inc.

    Product(s) Affected

    • TIBCO JasperReports Server versions 8.0.4 and below
    • TIBCO JasperReports Server versions 8.2.0 and below

    Component Affected

    JDBC URL Validation


    The component listed above contains a vulnerability that allows an attacker to execute arbitrary code on a remote machine by connecting to it over public or private networks. The code execution can be exploited even without prior access to the system. Successful execution is equivalent to a full compromise of the affected system or application. An RCE attack executes malicious code and takes over the affected system. After gaining access to the system, an attacker could use this vulnerability to elevate privileges from user level to admin.


    A successful RCE attack can be an entry point leading to subsequent attacks. The major impacts could be privilege escalation, network compromise, denial of service, and/or a ransomware attack.

    CVSS v3 Base Score: 9.1 (Critical) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H


    • TIBCO JasperReports Server versions below 8.0.4 should be upgraded to 8.0.4 with the latest hotfix
    • TIBCO JasperReports Server versions below 8.2.0 should be upgraded to 8.2.0 with the latest hotfix


