CVE-2019-8986
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/03/2019
Last modified:
01/01/2022
Description
The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3.
Impact
Base Score 3.x
7.70
Severity 3.x
HIGH
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:*:*:* | 6.3.4 (including) | |
| cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:activematrix_bpm:*:* | 6.4.3 (including) | |
| cpe:2.3:a:tibco:jasperreports_server:6.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tibco:jasperreports_server:6.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tibco:jasperreports_server:6.4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:tibco:jasperreports_server:6.4.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page