BIT-jasperreports-2022-22771

Import Source
https://github.com/bitnami/vulndb/tree/main/data/jasperreports/BIT-jasperreports-2022-22771.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-jasperreports-2022-22771
Aliases
  • CVE-2022-22771
Published
2024-03-06T10:56:32.171Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1.

Database specific
{
    "cpes": [
        "cpe:2.3:a:tibco:jasperreports_server:7.9.0:*:*:*:*:-:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:7.9.1:*:*:*:*:-:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:7.9.0:*:*:*:*:activematrix_bpm:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:7.9.1:*:*:*:*:activematrix_bpm:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:7.9.0:*:*:*:*:aws_marketplace:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:7.9.1:*:*:*:*:aws_marketplace:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:7.9.0:*:*:*:*:azure:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:7.9.1:*:*:*:*:azure:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / jasperreports

Package

Name
jasperreports
Purl
pkg:bitnami/jasperreports

Severity

  • 9.9 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected ranges

Type
SEMVER
Events
Introduced
7.9.0
Last affected
7.9.0
Introduced
7.9.1
Last affected
7.9.1