Vulnerability Change Records for CVE-2018-18808

Change History

CVE Modified by TIBCO Software Inc. 3/07/2019 6:29:01 PM

Action Type Old Value New Value
Changed Description
The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a race-condition vulnerability that may allow any users with domain save privileges to gain superuser privileges.

Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.
The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a race-condition vulnerability that may allow any users with domain save privileges to gain superuser privileges. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.

Modified Analysis 3/14/2019 1:12:41 PM

Action Type Old Value New Value
Changed Reference Type
http://www.securityfocus.com/bid/107350 No Types Assigned
http://www.securityfocus.com/bid/107350 Third Party Advisory, VDB Entry

CVE Modified by TIBCO Software Inc. 3/12/2019 6:29:02 AM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/107350 [No Types Assigned]

CVE Modified by TIBCO Software Inc. 10/09/2019 7:37:26 PM

Action Type Old Value New Value
Added CVSS V3

								
							
							
						
TIBCO Software Inc. AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H