  • Jaspersoft Security Advisory: April 9, 2024 - TIBCO JasperReports Server - CVE-2024-3327


    TIBCO JasperReports Server SQL Injection vulnerability 

    Original release date: April 9, 2023
    Last revised: ---
    CVE-2024-3327
    Source: TIBCO Software Inc.

    Product(s) Affected

    • TIBCO JasperReports Server versions 8.0.4 and below
    • TIBCO JasperReports Server versions 8.2.0 and below

    Component Affected

    Query Executions

    Description

    The component listed above is vulnerable to SQL injection, in which a piece of SQL code is used to manipulate a database and gain access to sensitive information. This type of attack is most prevalent against web applications that use an SQL-based database. Applications with a higher prevalence of older functional interfaces are more susceptible to SQL injection flaws than those built on recent technologies. The flaw forces the SQL server to execute an unintended operation constructed using untrusted input.

    Impact

    In the worst case, a successful SQL injection attack can have serious consequences and risks exposing sensitive data stored on the SQL server. It allows access to systems without credentials, which could allow unauthorized access to and manipulation of sensitive information.

    CVSS v3 Base Score: 5.5 (Medium) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

    Solution

    • Upgrade TIBCO JasperReports Server versions below 8.0.4 to 8.0.4 with the latest hotfix
    • Upgrade TIBCO JasperReports Server versions below 8.2.0 to 8.2.0 with the latest hotfix

    References

    https://community.tibco.com/advisories
    CVE-2024-3327


