CVE-2018-5430 vulnerability in Tibco Products
Published on April 17, 2018

TIBCO JasperReports Server Information Disclosure Vulnerability
The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3;6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.

NVD

Known Exploited Vulnerability

This TIBCO JasperReports Server Information Disclosure Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files.

The following remediation steps are recommended / required by January 19, 2023: Apply updates per vendor instructions.

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2018-5430 has been classified to as an Information Disclosure vulnerability or weakness.

Products Associated with CVE-2018-5430

Want to know whenever a new CVE is published for Tibco products? stack.watch will email you.

Tibco Jasperreports Server

Tibco Jaspersoft

Tibco Jaspersoft Reporting Analytics

Affected Versions

TIBCO Software Inc. TIBCO JasperReports Server:

Version unspecified, <= 6.2.4 is affected.
Version 6.3.0 is affected.
Version 6.3.2 is affected.
Version 6.3.3 is affected.
Version 6.4.0 is affected.
Version 6.4.2 is affected.

TIBCO Software Inc. TIBCO JasperReports Server Community Edition:

Version unspecified, <= 6.4.2 is affected.

TIBCO Software Inc. TIBCO JasperReports Server for ActiveMatrix BPM:

Version unspecified, <= 6.4.2 is affected.

TIBCO Software Inc. TIBCO Jaspersoft for AWS with Multi-Tenancy:

Version unspecified, <= 6.4.2 is affected.

TIBCO Software Inc. TIBCO Jaspersoft Reporting and Analytics for AWS:

Version unspecified, <= 6.4.2 is affected.

Exploit Probability

EPSS

41.42%

Percentile

97.35%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.