May 29, 2023

The US CISA has added TIBCO Software’s JasperReports vulnerabilities, to its Known Exploited Vulnerabilities catalog.

TIBCO JasperReports is an open-source Java reporting tool for creating and managing reports and dashboards and it has vulnerabilities tracked as CVE-2018-5430 with a CVSS score of 7.7 and CVE-2018-18809 with a CVSS score of 9.9.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies must address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Advertisements

Vulnerability Details as follows

  • CVE-2018-5430 – TIBCO JasperReports Server contains a vulnerability that may allow any authenticated user read-only access to the contents of the web application, including key configuration files.
  • CVE-2018-18809 – TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access the contents of the host system.

US Federal agencies must address these vulnerabilities in their systems by January 19, 2023.

Tags:

Leave a Reply

You may have missed

CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
%d bloggers like this: