CVE-2022-22771

moderate-risk

Published 2022-03-15

The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1.

Do I need to act?

0.25% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (10)

Jasperreports Library

Jasperreports Server

Affected Vendors

Tibco

References (4)

Vendor Advisory https://www.tibco.com/services/support/advisories

Vendor Advisory https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-1...

Vendor Advisory https://www.tibco.com/services/support/advisories

Vendor Advisory https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-1...

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 1/34 · Minimal

Exposure 16/34 · Moderate