The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| tibco | jasperreports_server | 6.2.4 | - |
| tibco | jasperreports_server | 6.4.2 |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
10
Affected Products
2
References
tibco / jasperreports_server
| - |
| tibco | jasperreports_server | 6.4.2 | - |
| tibco | jasperreports_server | - | - |
| tibco | jasperreports_server | - | - |
| tibco | jasperreports_server | - | - |
| tibco | jasperreports_server | - | - |
| tibco | jasperreports_server | - | - |
| tibco | jaspersoft | 6.4.2 | - |
| tibco | jaspersoft_reporting_and_analytics | 6.4.2 | - |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Exploitability
Impact