TROYANOSYVIRUS

CVE-2018-5430

HIGH | CISA KEV | 8.8

Description

The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.

CVE Details

CVSS v3.1 Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 4/17/2018
Last Modified: 11/3/2025
Source: kev
Honeypot Sightings: 0

CISA KEV

Vendor: TIBCO
Product: JasperReports
Vulnerability Name: TIBCO JasperReports Server Information Disclosure Vulnerability
KEV Date Added: 2022-12-29
Remediation Due Date: 2023-01-19
Ransomware Use: Unknown

Affected Products

tibco:jasperreports_server
tibco:jaspersoft
tibco:jaspersoft_reporting_and_analytics

Weaknesses (CWE)

CWE-22, CWE-200

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.