virus logo Intrusion Prevention

JasperReports.Auth.Directory.Traversal

description-logoDescription

This indicates an attack attempt to exploit an Directory Traversal Vulnerability in TIBCO JasperReports Server.
The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted request. An attacker can exploit this to access arbitrary files on the affected machine via a crafted request.

affected-products-logoAffected Products

TIBCO JasperReports Server version 6.2.4 and prior
TIBCO JasperReports Server version 6.3.3, version 6.3.2, and version 6.3.0
TIBCO JasperReports Server version 6.4.2 and version 6.4.0
TIBCO JasperReports Server ActiveMatrix BPM version 6.4.2 and prior
TIBCO JasperReports Server Community version 6.4.2 and prior
TIBCO JasperReports AWS with multi-tenancy version 6.4.2 and prior
TIBCO JasperReports Reporting and Analytics AWS version 6.4.2 and prior

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-01-31 15.769 Default_action:pass:drop
2020-01-22 15.763

References

https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430 44623
ID 48668
Created Jan 21, 2020
Updated Jan 30, 2020
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2018-5430
Known Exploited Yes
Exploit Prediction Score 17.57%
Default Action drop
Active
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App Other