The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.
References
Link | Resource |
---|---|
http://www.tibco.com/services/support/advisories | Vendor Advisory |
https://www.oracle.com/security-alerts/cpuoct2020.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Oct 2022, 01:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle
Oracle retail Order Broker |
|
CPE | cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:* |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory |
Information
Published : 2020-05-20 13:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-9409
Mitre link : CVE-2020-9409
CVE.ORG link : CVE-2020-9409
JSON object : View
Products Affected
tibco
- jasperreports_server
oracle
- retail_order_broker
CWE
CWE-276
Incorrect Default Permissions