  • Jaspersoft Security Advisory: July 9, 2024 - JasperReports Server - CVE-2024-3325


    JasperReports Server Driver upload vulnerability

    Original release date: July 09, 2024
    Last revised: ---
    CVE-2024-3325
    Source: TIBCO Software Inc.

    Product(s) Affected

    • JasperReports Server version 8.0.4 and below
    • JasperReports Server version 8.2.0
    • JasperReports Server version 9.0.0

    Component Affected 

    • JDBC Driver Upload

    Description

        A system administrator must explicitly enable or disable the JDBC driver upload functionality for the JasperReports Server Superuser. It is disabled by default. When it is enabled, only the Superuser can upload drivers.

    Impact

        Uninstalled drivers cannot be uploaded without enabling this new configuration property.

    CVSS V4.0 Base Score: 8.6 (High)  CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N


    Solution

    • JasperReports Server version 8.0.4 and lower: upgrade to 8.0.4 with the latest 8.0.4 hotfix
    • JasperReports Server version 8.2.0: upgrade to 9.0.0 with the latest 9.0.0 hotfix
    • JasperReports Server version 9.0.0: update with the latest 9.0.0 hotfix

    References

    https://community.tibco.com/advisories
    CVE-2024-3325


