CVE-2018-5430 PUBLISHED KEV

The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.

Risk Scores

EPSS Score: 41.42% (97.5th percentile)

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | jasperreports | 0, 4.1.3+dfsg-3, 6.1.1+dfsg-1 |

Timeline

  • Apr 17, 2018 CVE Published
  • May 15, 2018 PoC Published
  • Apr 14, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Dec 29, 2022 CISA KEV Added
  • Jan 5, 2023 PoC Published
  • Apr 11, 2023 EPSS Score
  • Apr 29, 2023 EPSS Score
  • May 8, 2023 EPSS Score
  • May 16, 2023 EPSS Score
  • Jun 14, 2023 PoC Published
  • Jul 10, 2023 EPSS Score