Vulnerabilities > CVE-2019-8986 - Unspecified vulnerability in Tibco Jasperreports Server

CVSS 7.7 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

tibco

NVD

Published: 2019-03-07

Updated: 2022-01-01

Summary

The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3.

Vulnerable Configurations

Part	Description	Count
Application	Tibco Tibco Jasperreports Server 6.4.0 Tibco Jasperreports Server 6.4.2 Tibco Jasperreports Server 6.1.1 Tibco Jasperreports Server 6.1.2 Tibco Jasperreports Server 6.2.0 Tibco Jasperreports Server 6.2.1 Tibco Jasperreports Server 6.2.3 Tibco Jasperreports Server 6.2.4 Tibco Jasperreports Server 6.2.5 Tibco Jasperreports Server 6.3.0 Tibco Jasperreports Server 6.3.2 Tibco Jasperreports Server 6.3.3 Tibco Jasperreports Server 6.4.3 Tibco Jasperreports Server 6.4.1 Tibco Jasperreports Server - Tibco Jasperreports Server 6.3.1 Tibco Jasperreports Server 6.3.4	41

Summary

Vulnerable Configurations

References