December 1, 2023

The US CISA has added TIBCO Software’s JasperReports vulnerabilities, to its Known Exploited Vulnerabilities catalog.

TIBCO JasperReports is an open-source Java reporting tool for creating and managing reports and dashboards and it has vulnerabilities tracked as CVE-2018-5430 with a CVSS score of 7.7 and CVE-2018-18809 with a CVSS score of 9.9.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies must address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Advertisements

Vulnerability Details as follows

  • CVE-2018-5430 – TIBCO JasperReports Server contains a vulnerability that may allow any authenticated user read-only access to the contents of the web application, including key configuration files.
  • CVE-2018-18809 – TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access the contents of the host system.

US Federal agencies must address these vulnerabilities in their systems by January 19, 2023.

Tags:

Leave a Reply

You may have missed

TheCyberThrone Security Week In Review – November 25, 2023

November 30, 2023

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023

Ardent Health Services affected by a cyber incident

November 29, 2023

GE and DARPA – Claimed Hack raises concerns

November 28, 2023

POC released for Splunk Enterprise Vulnerability- CVE-2023-46214

November 28, 2023
%d bloggers like this: