• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
cisa warns of active exploitation of jasperreports vulnerabilities

CISA Warns of Active exploitation of JasperReports Vulnerabilities

You are here: Home / General Cyber Security News / CISA Warns of Active exploitation of JasperReports Vulnerabilities
December 30, 2022

The U.S. Cybersecurity and Infrastructure Security Company (CISA) has additional two-several years-previous security flaws impacting TIBCO Software’s JasperReports merchandise to its Regarded Exploited Vulnerabilities (KEV) catalog, citing proof of lively exploitation.

The flaws, tracked as CVE-2018-5430 (CVSS rating: 7.7) and CVE-2018-18809 (CVSS score: 9.9), had been addressed by TIBCO in April 2018 and March 2019, respectively.

TIBCO JasperReports is a Java-based reporting and details analytics platform for generating, distributing, and controlling reviews and dashboards.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


CyberSecurity

The initially of the two issues, CVE-2018-5430, relates to an data disclosure bug in the server component that could empower an authenticated person to attain study-only entry to arbitrary information, which include important configurations.

JasperReports Vulnerabilities

“The impression contains the achievable browse-only accessibility by authenticated customers to web software configuration documents that contain the credentials utilised by the server,” TIBCO mentioned at the time. “These credentials could then be utilized to influence external programs accessed by the JasperReports Server.”

CVE-2018-18809, on the other hand, is a directory traversal vulnerability in the JasperReports Library that could permit web server people to access delicate files on the host, potentially producing it attainable for an attacker to steal credentials and crack into other techniques.

CISA did not disclose any extra particulars about how the vulnerabilities are remaining weaponized in actual-earth attacks. Federal agencies in the U.S. are expected to patch their units by January 19, 2023.

Observed this report fascinating? Follow us on Twitter  and LinkedIn to read through more unique content material we submit.


Some pieces of this posting are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Geopolitical Tensions Expected to Further Impact Cybersecurity in 2023
Next Post: What is multi-factor authentication (MFA) fatigue and how do you defend against attacks? what is multi factor authentication (mfa) fatigue and how do you»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless
  • UK Schools Hit by Mass Leak of Confidential Data
  • Play ransomware gang behind recent cyber attack on Rackspace
  • Personal Storage Table Files Accessed in Rackspace Attack
  • Security Industry Hits Back with MegaCortex Decryptor

Copyright © TheCyberSecurity.News, All Rights Reserved.