9.9

CVE-2022-22771

The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1.

Data is provided by the National Vulnerability Database (NVD)
Tibco Jasperreports Library, Version 7.9.0, SwPlatform -
Tibco Jasperreports Library, Version 7.9.0, SwPlatform activematrix_bpm
Tibco Jasperreports Server, Version 7.9.0, SwPlatform -
Tibco Jasperreports Server, Version 7.9.0, SwPlatform activematrix_bpm
Tibco Jasperreports Server, Version 7.9.0, SwPlatform aws_marketplace
Tibco Jasperreports Server, Version 7.9.0, SwPlatform azure
Tibco Jasperreports Server, Version 7.9.1, SwPlatform -
Tibco Jasperreports Server, Version 7.9.1, SwPlatform activematrix_bpm
Tibco Jasperreports Server, Version 7.9.1, SwPlatform aws_marketplace
Tibco Jasperreports Server, Version 7.9.1, SwPlatform azure
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.47% 0.618
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4 8 2.9 AV:N/AC:L/Au:S/C:P/I:N/A:N
security@tibco.com 9.9 3.1 6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.