Candidate: CVE-2018-5431
PublicDate: 2018-04-17 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5431
 https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431
Description:
 The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports
 Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports
 Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy,
 and TIBCO Jaspersoft Reporting and Analytics for AWS contains a
 vulnerability which may allow, in the context of a non-default permissions
 configuration, persisted cross-site scripting (XSS) attacks. Affected
 releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions
 up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO
 JasperReports Server Community Edition: versions up to and including 6.4.2,
 TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and
 including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up
 to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS:
 versions up to and including 6.4.2.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N [5.4 MEDIUM]


Patches_jasperreports:
upstream_jasperreports: needs-triage
precise/esm_jasperreports: DNE
trusty_jasperreports: ignored (out of standard support)
trusty/esm_jasperreports: DNE
xenial_jasperreports: ignored (end of standard support, was needs-triage)
bionic_jasperreports: needs-triage
focal_jasperreports: DNE
groovy_jasperreports: DNE
hirsute_jasperreports: DNE
impish_jasperreports: DNE
jammy_jasperreports: DNE
devel_jasperreports: DNE