| Title | JasperReports Server コンポーネントにおけるクロスサイトリクエストフォージェリの脆弱性 |
|---|---|
| Summary | JasperReports Server コンポーネントには、クロスサイトリクエストフォージェリの脆弱性が存在します。 |
| Possible impacts | 情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | June 28, 2017, midnight |
| Registration Date | July 20, 2017, 4:17 p.m. |
| Last Update | July 20, 2017, 4:17 p.m. |
| CVSS3.0 : 重要 | |
| Score | 8.8 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| CVSS2.0 : 警告 | |
| Score | 6.8 |
|---|---|
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| TIBCO Software |
| TIBCO JasperReports Server 6.1.1 およびそれ以前 |
| TIBCO JasperReports Server 6.2.0 |
| TIBCO JasperReports Server 6.2.1 |
| TIBCO JasperReports Server 6.3.0 |
| TIBCO JasperReports Server Community Edition 6.3.0 およびそれ以前 |
| TIBCO JasperReports Server for ActiveMatrix BPM 6.2.0 およびそれ以前 |
| TIBCO Jaspersoft for AWS with Multi-Tenancy 6.2.0 およびそれ以前 |
| TIBCO Jaspersoft Reporting and Analytics for AWS 6.2.0 およびそれ以前 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2017年07月20日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below). |
|---|---|
| Publication Date | June 29, 2017, 11:29 p.m. |
| Registration Date | Jan. 26, 2021, 1:26 p.m. |
| Last Update | Nov. 21, 2024, 12:27 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:*:*:* | 6.1.1 | ||||
| cpe:2.3:a:tibco:jasperreports_server:6.2.0:*:*:*:-:-:*:* | |||||
| cpe:2.3:a:tibco:jasperreports_server:6.2.1:*:*:*:-:-:*:* | |||||
| cpe:2.3:a:tibco:jasperreports_server:6.3.0:*:*:*:-:-:*:* | |||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:community:*:*:* | 6.3.0 | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:activematrix_bpm:*:* | 6.2.0 | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:tibco:jaspersoft:*:*:*:*:*:aws_with_multi-tenancy:*:* | 6.2.0 | ||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:a:tibco:jaspersoft_reporting_and_analytics:*:*:*:*:*:aws:*:* | 6.2.0 | ||||