| Title | 複数の TIBCO JasperReports および Jaspersoft 製品における認可・権限・アクセス制御に関する脆弱性 |
|---|---|
| Summary | 複数の TIBCO JasperReports および Jaspersoft 製品には、認可・権限・アクセス制御に関する脆弱性が存在します。 |
| Possible impacts | 情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | April 17, 2018, midnight |
| Registration Date | June 19, 2018, 5:43 p.m. |
| Last Update | June 19, 2018, 5:43 p.m. |
| CVSS3.0 : 重要 | |
| Score | 8.8 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVSS2.0 : 警告 | |
| Score | 6.5 |
|---|---|
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| TIBCO Software |
| TIBCO JasperReports Library |
| TIBCO JasperReports Server |
| TIBCO Jaspersoft |
| TIBCO Jaspersoft Reporting and Analytics |
| TIBCO Jaspersoft Studio |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2018年06月19日] 掲載 |
June 19, 2018, 5:43 p.m. |
| Summary | A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2. |
|---|---|
| Publication Date | April 18, 2018, 3:29 a.m. |
| Registration Date | March 1, 2021, 7:31 p.m. |
| Last Update | Nov. 21, 2024, 1:08 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:tibco:jasperreports_server:6.3.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jasperreports_server:6.3.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jasperreports_server:6.4.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:*:*:* | 6.2.4 | ||||
| cpe:2.3:a:tibco:jasperreports_server:6.3.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jasperreports_server:6.4.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:activematrix_bpm:*:* | 6.4.2 | ||||
| cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:community:*:*:* | 6.4.2 | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:tibco:jasperreports_library:6.3.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jasperreports_library:6.3.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jasperreports_library:6.4.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jasperreports_library:6.4.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jasperreports_library:*:*:*:*:*:*:*:* | 6.2.4 | ||||
| cpe:2.3:a:tibco:jasperreports_library:6.3.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jasperreports_library:6.4.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jasperreports_library:*:*:*:*:*:activematrix_bpm:*:* | 6.4.2 | ||||
| cpe:2.3:a:tibco:jasperreports_library:*:*:*:*:community:*:*:* | 6.4.3 | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:tibco:jaspersoft:*:*:*:*:*:aws_with_multi-tenancy:*:* | 6.4.2 | ||||
| cpe:2.3:a:tibco:jaspersoft_reporting_and_analytics:*:*:*:*:*:aws:*:* | 6.4.2 | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:tibco:jaspersoft_studio:6.3.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jaspersoft_studio:6.3.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jaspersoft_studio:6.4.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jaspersoft_studio:*:*:*:*:*:*:*:* | 6.2.4 | ||||
| cpe:2.3:a:tibco:jaspersoft_studio:6.3.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jaspersoft_studio:6.4.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:tibco:jaspersoft_studio:*:*:*:*:community:*:*:* | 6.4.3 | ||||
| cpe:2.3:a:tibco:jaspersoft_studio:*:*:*:*:*:activematrix_bpm:*:* | 6.4.2 | ||||