Vulnerability Description
The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Jasperreports Server | <= 7.1.1 |
| Oracle | Retail Order Broker | 15.0 |
Related Weaknesses (CWE)
References
- http://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.oracle.com/security-alerts/cpuoct2020.htmlPatchThird Party Advisory
- http://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.oracle.com/security-alerts/cpuoct2020.htmlPatchThird Party Advisory
FAQ
What is CVE-2020-9409?
CVE-2020-9409 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vuln...
How severe is CVE-2020-9409?
CVE-2020-9409 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-9409?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Jasperreports Server, Oracle Retail Order Broker.