cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-22773,https://securityvulnerability.io/vulnerability/CVE-2022-22773,TIBCO JasperReports Server Reflected Cross Site Scripting (XSS) vulnerability,"The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.1 and below, TIBCO JasperReports Server - Community Edition: versions 8.0.1 and below, TIBCO JasperReports Server - Developer Edition: versions 8.0.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.1 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.2 and below, and TIBCO JasperReports Server for Microsoft Azure: versions 8.0.1 and below.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Community Edition,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jasperreports Server For Microsoft Azure",7.7,HIGH,0.000539999979082495,false,false,false,false,,false,false,2022-05-17T00:00:00.000Z,0
CVE-2022-22771,https://securityvulnerability.io/vulnerability/CVE-2022-22771,TIBCO JasperReports Library Directory Traversal Vulnerability,"The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1.",Tibco,"Tibco Jasperreports Library,Tibco Jasperreports Library For Activematrix Bpm,Tibco Jasperreports Server,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jasperreports Server For Microsoft Azure",9.9,CRITICAL,0.001820000004954636,false,false,false,false,,false,false,2022-03-15T00:00:00.000Z,0
CVE-2021-35496,https://securityvulnerability.io/vulnerability/CVE-2021-35496,TIBCO JasperReports XML Eternal Entity (XXE) vulnerability,"The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Community Edition,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jasperreports Server For Microsoft Azure",7.5,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2021-10-12T00:00:00.000Z,0
CVE-2021-35495,https://securityvulnerability.io/vulnerability/CVE-2021-35495,TIBCO JasperReports FTP Password exposed,"The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Community Edition,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jasperreports Server For Microsoft Azure",9,CRITICAL,0.0010400000028312206,false,false,false,false,,false,false,2021-10-12T00:00:00.000Z,0
CVE-2021-35494,https://securityvulnerability.io/vulnerability/CVE-2021-35494,TIBCO JasperReports unauthorized access to temporary object,"The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contain a race condition that allows a low privileged authenticated attacker via the REST API to obtain read access to temporary objects created by other users on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Community Edition,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jasperreports Server For Microsoft Azure",5.7,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2021-10-12T00:00:00.000Z,0
CVE-2020-9410,https://securityvulnerability.io/vulnerability/CVE-2020-9410,TIBCO JasperReports Library,"The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an attacker to exploit HTML injection to gain full control of a web interface containing the output of the report generator component with the privileges of any user that views the affected report(s). The attacker can theoretically exploit this vulnerability when other users view a maliciously generated report, where those reports use Fusion Charts and a data source with contents controlled by the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions 7.1.1 and below, versions 7.2.0 and 7.2.1, version 7.3.0, version 7.5.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions 7.1.1 and below, TIBCO JasperReports Server: versions 7.1.1 and below, version 7.2.0, version 7.5.0, TIBCO JasperReports Server for AWS Marketplace: versions 7.5.0 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.",Tibco,"Tibco Jasperreports Library,Tibco Jasperreports Library For Activematrix Bpm,Tibco Jasperreports Server,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Activematrix Bpm",7.3,HIGH,0.0019000000320374966,false,false,false,false,,false,false,2020-05-20T13:15:00.000Z,0
CVE-2020-9409,https://securityvulnerability.io/vulnerability/CVE-2020-9409,TIBCO JasperReports Server Fails To Enforce Access Restrictions,"The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server ""superuser"" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Activematrix Bpm",9.8,CRITICAL,0.0019199999514967203,false,false,false,false,,false,false,2020-05-20T13:15:00.000Z,0
CVE-2019-11203,https://securityvulnerability.io/vulnerability/CVE-2019-11203,TIBCO ActiveMatrix BPM Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities,"The workspace client, openspace client, app development client, and REST API of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain cross site scripting (XSS) and cross-site request forgery vulnerabilities. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.",Tibco,"Tibco Activematrix Bpm,Tibco Activematrix Bpm Distribution For Tibco Silver Fabric,Tibco Silver Fabric Enabler For Activematrix Bpm",8.8,HIGH,0.0008299999753944576,false,false,false,false,,false,false,2019-04-24T00:00:00.000Z,0
CVE-2019-8991,https://securityvulnerability.io/vulnerability/CVE-2019-8991,TIBCO Active Matrix Service Grid Administrator With Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities,"The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.",Tibco,"Tibco Activematrix Bpm,Tibco Activematrix Bpm Distribution For Tibco Silver Fabric,Tibco Activematrix Policy Director,Tibco Activematrix Service Bus,Tibco Activematrix Service Grid,Tibco Silver Fabric Enabler For Activematrix Bpm,Tibco Silver Fabric Enabler For Activematrix Service Grid",8.8,HIGH,0.0053400001488626,false,false,false,false,,false,false,2019-04-24T00:00:00.000Z,0
CVE-2019-8992,https://securityvulnerability.io/vulnerability/CVE-2019-8992,TIBCO Active Matrix Service Grid Administrator Remote Code Execution,"The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives (""Upload DAA"" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.",Tibco,"Tibco Activematrix Bpm,Tibco Activematrix Bpm Distribution For Tibco Silver Fabric,Tibco Activematrix Policy Director,Tibco Activematrix Service Bus,Tibco Activematrix Service Grid,Tibco Activematrix Service Grid Distribution For Tibco Silver Fabric,Tibco Silver Fabric Enabler For Activematrix Bpm,Tibco Silver Fabric Enabler For Activematrix Service Grid",9.9,CRITICAL,0.00343000004068017,false,false,false,false,,false,false,2019-04-24T00:00:00.000Z,0
CVE-2019-8993,https://securityvulnerability.io/vulnerability/CVE-2019-8993,TIBCO Active Matrix Service Grid Administrator Unauthenticated Download of Sensitive File,"The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability that could theoretically allow an unauthenticated user to download a file with credentials information. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.",Tibco,"Tibco Activematrix Bpm,Tibco Activematrix Bpm Distribution For Tibco Silver Fabric,Tibco Activematrix Policy Director,Tibco Activematrix Service Bus,Tibco Activematrix Service Grid,Tibco Activematrix Service Grid Distribution For Tibco Silver Fabric,Tibco Silver Fabric Enabler For Activematrix Bpm,Tibco Silver Fabric Enabler For Activematrix Service Grid",8.6,HIGH,0.007530000060796738,false,false,false,false,,false,false,2019-04-24T00:00:00.000Z,0
CVE-2019-8994,https://securityvulnerability.io/vulnerability/CVE-2019-8994,TIBCO ActiveMatrix BPM Escalation of Privileges Vulnerability,"The workspace client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contains vulnerabilities where an authenticated user can change settings that can theoretically adversely impact other users. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.",Tibco,"Tibco Activematrix Bpm,Tibco Activematrix Bpm Distribution For Tibco Silver Fabric,Tibco Silver Fabric Enabler For Activematrix Bpm",5.4,MEDIUM,0.0010300000431016088,false,false,false,false,,false,false,2019-04-24T00:00:00.000Z,0
CVE-2019-8995,https://securityvulnerability.io/vulnerability/CVE-2019-8995,TIBCO ActiveMatrix BPM Open Redirect Vulnerability,"The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker's choice. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.",Tibco,"Tibco Activematrix Bpm,Tibco Activematrix Bpm Distribution For Tibco Silver Fabric,Tibco Silver Fabric Enabler For Activematrix Bpm",4.7,MEDIUM,0.001449999981559813,false,false,false,false,,false,false,2019-04-24T00:00:00.000Z,0
CVE-2018-18815,https://securityvulnerability.io/vulnerability/CVE-2018-18815,TIBCO JasperReports Server User Information Disclosure,"The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability that theoretically allows unauthenticated users to bypass authorization checks for portions of the HTTP interface to the JasperReports Server. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server Community Edition,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jaspersoft For Aws With Multi-tenancy,Tibco Jaspersoft Reporting And Analytics For Aws",10,CRITICAL,0.007280000019818544,false,false,false,false,,false,false,2019-03-07T22:29:00.000Z,0
CVE-2019-8986,https://securityvulnerability.io/vulnerability/CVE-2019-8986,TIBCO JasperReports Server XML Entity Expansion Vulnerability,"The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server For Activematrix Bpm",7.7,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2019-03-07T22:29:00.000Z,0
CVE-2018-18809,https://securityvulnerability.io/vulnerability/CVE-2018-18809,TIBCO JasperReports Library Directory Traversal Vulnerability,"The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.",Tibco,"Tibco Jasperreports Library,Tibco Jasperreports Library Community Edition,Tibco Jasperreports Library For Activematrix Bpm,Tibco Jasperreports Server,Tibco Jasperreports Server Community Edition,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jaspersoft For Aws With Multi-tenancy,Tibco Jaspersoft Reporting And Analytics For Aws",9.9,CRITICAL,0.47150999307632446,true,false,false,true,,false,false,2019-03-07T22:29:00.000Z,0
CVE-2018-18816,https://securityvulnerability.io/vulnerability/CVE-2018-18816,TIBCO JasperReports Persistent Cross Site Scripting Vulnerability,"The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross site scripting vulnerability. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi- Tenancy versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server Community Edition,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jaspersoft For Aws With Multi-tenancy,Tibco Jaspersoft Reporting And Analytics For Aws",8,HIGH,0.0007699999841861427,false,false,false,false,,false,false,2019-03-07T22:29:00.000Z,0
CVE-2018-18808,https://securityvulnerability.io/vulnerability/CVE-2018-18808,TIBCO JasperReports Server Privilege Escalation Via Race Condition,"The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a race-condition vulnerability that may allow any users with domain save privileges to gain superuser privileges. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server Community Edition,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jaspersoft For Aws With Multi-tenancy,Tibco Jaspersoft Reporting And Analytics For Aws",8.8,HIGH,0.0031900000758469105,false,false,false,false,,false,false,2019-03-07T22:29:00.000Z,0
CVE-2018-5431,https://securityvulnerability.io/vulnerability/CVE-2018-5431,TIBCO JasperReports Server Cross Site Scripting Vulnerability,"The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server Community Edition,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jaspersoft For Aws With Multi-tenancy,Tibco Jaspersoft Reporting And Analytics For Aws",6.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2018-04-17T00:00:00.000Z,0
CVE-2018-5429,https://securityvulnerability.io/vulnerability/CVE-2018-5429,TIBCO JasperReports Library Code Sandboxing Problem,"A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server Community Edition,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jasperreports Library,Tibco Jasperreports Library Community Edition,Tibco Jasperreports Library For Activematrix Bpm,Tibco Jaspersoft For Aws With Multi-tenancy,Tibco Jaspersoft Reporting And Analytics For Aws,Tibco Jaspersoft Studio,Tibco Jaspersoft Studio Community Edition,Tibco Jaspersoft Studio For Activematrix Bpm",8.8,HIGH,0.0010499999625608325,false,false,false,false,,false,false,2018-04-17T00:00:00.000Z,0
CVE-2018-5430,https://securityvulnerability.io/vulnerability/CVE-2018-5430,TIBCO JasperReports Server Information Disclosure Vulnerability,"The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3;6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server Community Edition,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jaspersoft For Aws With Multi-tenancy,Tibco Jaspersoft Reporting And Analytics For Aws",7.7,HIGH,0.06556999683380127,true,false,false,true,,false,false,2018-04-17T00:00:00.000Z,0
CVE-2017-5533,https://securityvulnerability.io/vulnerability/CVE-2017-5533,TIBCO JasperReports Server credentials disclosure,"A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server Community Edition,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jaspersoft For Aws With Multi-tenancy,Tibco Jaspersoft Reporting And Analytics For Aws",9.3,CRITICAL,0.00443999981507659,false,false,false,false,,false,false,2017-11-15T21:29:00.000Z,0
CVE-2017-5532,https://securityvulnerability.io/vulnerability/CVE-2017-5532,TIBCO JasperReports persistent cross site scripting,"A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server Community Edition,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jasperreports Library,Tibco Jasperreports Library For Activematrix Bpm,Tibco Jaspersoft For Aws With Multi-tenancy,Tibco Jaspersoft Reporting And Analytics For Aws,Tibco Jaspersoft Studio,Tibco Jaspersoft Studio For Activematrix Bpm",5.4,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2017-11-15T21:29:00.000Z,0
CVE-2017-5529,https://securityvulnerability.io/vulnerability/CVE-2017-5529,TIBCO JasperReports Library Information Disclosure,"JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below).",Tibco,"Tibco Jasperreports Library Community Edition,Tibco Jasperreports Library For Activematrix Bpm,Tibco Jasperreports Professional,Tibco Jasperreports Server,Tibco Jasperreports Server Community Edition,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jaspersoft For Aws With Multi-tenancy,Tibco Jaspersoft Reporting And Analytics For Aws,Tibco Jaspersoft Studio For Activematrix Bpm",4.1,MEDIUM,0.0012499999720603228,false,false,false,false,,false,false,2017-06-29T14:29:00.000Z,0
CVE-2017-5528,https://securityvulnerability.io/vulnerability/CVE-2017-5528,TIBCO JasperReports Server cross-site vulnerabilities,"Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.  The impact of this vulnerability includes the theoretical disclosure of sensitive information.  Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below).",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server Community Edition,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jaspersoft For Aws With Multi-tenancy,Tibco Jaspersoft Reporting And Analytics For Aws",5.7,MEDIUM,0.000750000006519258,false,false,false,false,,false,false,2017-06-29T14:29:00.000Z,0