CISA adds JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog

Pierluigi Paganini December 30, 2022

US CISA added TIBCO Software’s JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog.

US CISA added TIBCO Software’s JasperReports vulnerabilities, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), to its Known Exploited Vulnerabilities (KEV) catalog,.

TIBCO JasperReports is an open-source Java reporting tool for creating and managing reports and dashboards.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

Below are the vulnerabilities added to the catalog:

  • CVE-2018-5430 – TIBCO JasperReports Server contains a vulnerability that may allow any authenticated user read-only access to the contents of the web application, including key configuration files.
  • CVE-2018-18809 – TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system.

US Federal agencies have to address these vulnerabilities in their systems by January 19, 2023.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment