Versio.io

CVE-2022-22771

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 15-03-2022 06:15
Last modified: - 22-03-2022 06:44
Total changes: - 3

Description

The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Low
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
8.8
Base score
2.8
5.9
Exploitability score
Impact score
 

Verification logic

OR
vendor=tibco AND product=jasperreports_library AND version=7.9.0 AND target_software=-
vendor=tibco AND product=jasperreports_library AND version=7.9.0 AND target_software=activematrix_bpm
vendor=tibco AND product=jasperreports_server AND version=7.9.0 AND target_software=-
vendor=tibco AND product=jasperreports_server AND version=7.9.0 AND target_software=activematrix_bpm
vendor=tibco AND product=jasperreports_server AND version=7.9.0 AND target_software=aws_marketplace
vendor=tibco AND product=jasperreports_server AND version=7.9.0 AND target_software=azure
vendor=tibco AND product=jasperreports_server AND version=7.9.1 AND target_software=-
vendor=tibco AND product=jasperreports_server AND version=7.9.1 AND target_software=activematrix_bpm
vendor=tibco AND product=jasperreports_server AND version=7.9.1 AND target_software=aws_marketplace
vendor=tibco AND product=jasperreports_server AND version=7.9.1 AND target_software=azure
 

Reference

 


Keywords

NVD

 

CVE-2022-22771

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.