Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22771

The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1.

Published

2022-03-15T17:15:09.137

Last Modified

2024-11-21T06:47:24.937

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-22
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application tibco jasperreports_library 7.9.0 Yes
Application tibco jasperreports_library 7.9.0 Yes
Application tibco jasperreports_server 7.9.0 Yes
Application tibco jasperreports_server 7.9.0 Yes
Application tibco jasperreports_server 7.9.0 Yes
Application tibco jasperreports_server 7.9.0 Yes
Application tibco jasperreports_server 7.9.1 Yes
Application tibco jasperreports_server 7.9.1 Yes
Application tibco jasperreports_server 7.9.1 Yes
Application tibco jasperreports_server 7.9.1 Yes
References