CVE-2018-18809 Scanner
Detects the 'Directory Traversal' vulnerability in TIBCO JasperReports Library, which affects versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0.
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: URL
Toolbox: -
TIBCO JasperReports Library is a highly popular reporting and analytics tool used by enterprises and businesses for creating and deploying reports, charts, and dashboards. This product is widely used for creating data-driven reports that can be embedded into web pages or accessed through various web-based applications. TIBCO JasperReports Library is known for its ease of use, data visualization capabilities, and extensibility.
Recently, a directory-traversal vulnerability has been found in the TIBCO JasperReports Library. It is tracked as CVE-2018-18809 and affects multiple TIBCO Software products, including TIBCO JasperReports Library, TIBCO JasperReports Server, and TIBCO Jaspersoft Reporting and Analytics for AWS. The vulnerability can allow attackers to access files and directories beyond the web server's root directory and leak sensitive information.
If exploited, this vulnerability can have severe repercussions for the impacted organization. Attackers can gain access to confidential data, such as login credentials, financial information, and other sensitive data, leading to identity theft, financial loss, and reputational damage. This vulnerability can also allow an attacker to execute arbitrary code on the target system, compromise the server's integrity, and disrupt critical business functions.
Thanks to the pro features of s4e.io, you can easily and quickly learn about vulnerabilities in your digital assets. The platform offers a vast database of known vulnerabilities, along with customized alerts and reports that can help you stay up-to-date with the latest security threats. By leveraging s4e.io, you can gain peace of mind and ensure that your organization's digital assets are secure from emerging cyber threats.
REFERENCES
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809
- securityfocus.com: 107351
- seclists.org: 20190909 CVE-2018-18809 Path traversal in Tibco JasperSoft
- http://packetstormsecurity.com/files/154406/Tibco-JasperSoft-Path-Traversal.html
- https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html
- https://cybersecurityworks.com/zerodays/cve-2018-18809-tibco.html