CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-9409

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1700%
EPSS Percentile43.88th
Published2020年5月20日
Last Modified2024年11月21日

Vulnerability Description

The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.

Affected Platforms (CPE)

📦
Tibco

Jasperreports Server

<= 7.1.1
📦
Tibco

Jasperreports Server

<= 7.1.1
📦
Tibco

Jasperreports Server

<= 7.1.1
📦
Oracle

Retail Order Broker

= 15.0
📦
Oracle

Retail Order Broker

= 16.0

References & Advisories

🔗 http://www.tibco.com/services/support/advisories
🔗 https://www.oracle.com/security-alerts/cpuoct2020.html
🔗 http://www.tibco.com/services/support/advisories
🔗 https://www.oracle.com/security-alerts/cpuoct2020.html

相关漏洞威胁

CVE-2018-1881510.0

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO Ja...

CVE-2017-55339.3

A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO Jas...

CVE-2021-354959.0

The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperRe...

CVE-2018-188088.8

The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition,...