CVE-2018-5382 Security Finding - Is this still a vulnerability in JS 6.4.2?

kurtis.fleming · February 19, 2019

Link to community article in question: https://community.jaspersoft.com/questions/1100966/security-finding-cve-2018-5382-jasperreports

We are currently seeking approval from our security team for Jaspersoft Studio 6.4.2 to bypass the web gateways and connect direct. be carried out until we can confirm that the security finding CVE-2018-5382 has been addressed.

Do the patch notes of JS 6.4.2 (or previous versions if addressed some time ago) that is intended for deployment contain explicit reference to CVE-2018-5382?
What version of org.bouncycastle:bcprov-jdk15on:XX is used with Jaspersoft 6.4.2?

Thanks.

hozawa · February 19, 2019

AFIK, there's no security patches for community versions. You'll need to purchase commercial version.

kurtis.fleming · February 20, 2019

We currently have the Commercial version, through our subscription to CA PPM SaaS. Can you please advise on the above query, and what security patches have been applied?

kurtis.fleming · February 20, 2019

We currently have the Commercial version, through our subscription to CA PPM SaaS. Can you please advise on the above query, and what security patches have been applied?

djohnson53 · February 20, 2019

If you have a support contract with TIBCO, you should raise this issue with them.

Sign In

CVE-2018-5382 Security Finding - Is this still a vulnerability in JS 6.4.2?

Recommended Posts

kurtis.fleming

Link to comment

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

hozawa

Link to comment

Share on other sites

kurtis.fleming

Link to comment

Share on other sites

kurtis.fleming

Link to comment

Share on other sites

djohnson53

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Activity

Products

Explore