CyberSec.Space Logo
Back to CVE Browser

CVE-2020-9409

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1700%
EPSS Percentile43.88th
PublishedMay 20, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.

Affected Platforms (CPE)

πŸ“¦
Tibco

Jasperreports Server

<= 7.1.1
πŸ“¦
Tibco

Jasperreports Server

<= 7.1.1
πŸ“¦
Tibco

Jasperreports Server

<= 7.1.1
πŸ“¦
Oracle

Retail Order Broker

= 15.0
πŸ“¦
Oracle

Retail Order Broker

= 16.0

References & Advisories

πŸ”— http://www.tibco.com/services/support/advisories
πŸ”— https://www.oracle.com/security-alerts/cpuoct2020.html
πŸ”— http://www.tibco.com/services/support/advisories
πŸ”— https://www.oracle.com/security-alerts/cpuoct2020.html

Related Vulnerabilities

CVE-2018-1881510.0

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO Ja...

CVE-2017-55339.3

A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO Jas...

CVE-2021-354959.0

The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperRe...

CVE-2018-188088.8

The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition,...