CyberSec.Space Logo
Back to CVE Browser

CVE-2018-5430

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score80.8960%
EPSS Percentile85.13th
PublishedApr 17, 2018
Last ModifiedNov 3, 2025

Vulnerability Description

The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3;6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.

Affected Platforms (CPE)

πŸ“¦
Tibco

Jasperreports Server

<= 6.2.4
πŸ“¦
Tibco

Jasperreports Server

<= 6.4.2
πŸ“¦
Tibco

Jasperreports Server

<= 6.4.2
πŸ“¦
Tibco

Jasperreports Server

= 6.3.0
πŸ“¦
Tibco

Jasperreports Server

= 6.3.2
πŸ“¦
Tibco

Jasperreports Server

= 6.3.3
πŸ“¦
Tibco

Jasperreports Server

= 6.4.0
πŸ“¦
Tibco

Jasperreports Server

= 6.4.2
πŸ“¦
Tibco

Jaspersoft

<= 6.4.2
πŸ“¦
Tibco

Jaspersoft Reporting And Analytics

<= 6.4.2

References & Advisories

πŸ”— https://rhinosecuritylabs.com/application-security/authenticated-file-read-vulnerability-in-jasperreports/
πŸ”— https://www.exploit-db.com/exploits/44623/
πŸ”— https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430
πŸ”— https://rhinosecuritylabs.com/application-security/authenticated-file-read-vulnerability-in-jasperreports/
πŸ”— https://www.exploit-db.com/exploits/44623/
πŸ”— https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-5430

Related Vulnerabilities

CVE-2018-1881510.0

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO Ja...

CVE-2020-94099.8

The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplac...

CVE-2017-55339.3

A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO Jas...

CVE-2021-354959.0

The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperRe...