Jump to content
JasperReports Library 7.0 is now available ×
  • Jaspersoft Security Advisory: July 9, 2024 - JasperReports Server - CVE-2024-3325

    JasperReports Server Driver upload vulnerability

    Original release date: July 09, 2024
    Last revised: ---
    Source: TIBCO Software Inc.

    Product(s) Affected

    • JasperReports Server version 8.0.4 and below
    • JasperReports Server version 8.2.0
    • JasperReports Server version 9.0.0

    Component Affected 

    • JDBC Driver Upload


        A systems administrator must enable/disable JDBC driver upload functionality for the JasperReports Server Superuser. It is disabled by default. Only Superuser can upload drivers when it is enabled


        Uninstalled Drivers cannot be uploaded without enabling this new configuration property.

    CVSS V4.0 Base Score: 8.6 (High)  CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N


    • JasperReports Server version 8.0.4 and lower to be upgraded to 8.0.4 with the latest 8.0.4 hotfix
    • JasperReports Server version 8.2.0 to be upgraded to 9.0.0 with the latest 9.0.0 hotfix
    • JasperReports Server version 9.0.0 to be updated with the latest 9.0.0 hotfix



  • Create New...