The Cybersecurity and Infrastructure Security Agency (CISA) has added two TIBCO vulnerabilities to its Known Exploited Vulnerabilities Catalog.
CISA warned “these types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.”
As a result, these vulnerabilities have been added to the Catalog based on evidence of active exploitation.
The two TIBCO vulnerabilities added to the catalog are as follows (each was patched back in 2018):
- CVE-2018-5430: TIBCO JasperReports Server Information Disclosure Vulnerability (CVSS 7.7).
- CVE-2018-18809: TIBCO JasperReports Library Directory Traversal Vulnerability (CVSS 6.5).
According to a TIBCO advisory, the more severe of the two issues (CVE-2018-5430) could result in the “possible read-only access by authenticated users to web application configuration files that contain the credentials used by the server.”
“Those credentials could then be used to affect external systems accessed by the JasperReports Server,” TIBCO added.
Readers can check out the latest details on CISA’s Known Exploited Vulnerabilities Catalog.
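As an added example (not from the article, CISA or TIBCO), the following Python shows how a defender can track catalog additions like the ones reported above and cross-reference them against an internal CVE inventory. The field names (`cveID`, `product`, `dueDate`, `requiredAction`) follow CISA's published KEV JSON feed; the snapshot contents, dates and the non-KEV inventory ID are constructed placeholders, not the catalog's actual data.

```python
import json
from datetime import date

# Constructed snapshots shaped like CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# The two TIBCO CVE IDs and names come from the article; every date, count and
# required-action string below is a placeholder, not the catalog's real data.
OLD_FEED = json.dumps({"count": 0, "vulnerabilities": []})
NEW_FEED = json.dumps({"count": 2, "vulnerabilities": [
    {"cveID": "CVE-2018-5430", "vendorProject": "TIBCO", "product": "JasperReports Server",
     "vulnerabilityName": "TIBCO JasperReports Server Information Disclosure Vulnerability",
     "dateAdded": "2023-01-01", "dueDate": "2023-01-22",          # placeholders
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-2018-18809", "vendorProject": "TIBCO", "product": "JasperReports Library",
     "vulnerabilityName": "TIBCO JasperReports Library Directory Traversal Vulnerability",
     "dateAdded": "2023-01-01", "dueDate": "2023-01-22",          # placeholders
     "requiredAction": "Apply updates per vendor instructions."},
]})

def index_kev(feed_json: str) -> dict[str, dict]:
    """Parse a KEV feed and index its entries by upper-cased CVE ID."""
    return {v["cveID"].upper(): v for v in json.loads(feed_json)["vulnerabilities"]}

def new_kev_entries(old_json: str, new_json: str) -> list[str]:
    """CVE IDs present in the new snapshot but not the old one: this cycle's additions."""
    old, new = index_kev(old_json), index_kev(new_json)
    return sorted(set(new) - set(old))

def kev_exposure(inventory: list[str], feed_json: str, today: date) -> list[dict]:
    """Cross-reference an internal CVE inventory against KEV and flag entries past due.
    Inventory IDs are normalised (whitespace, case) so raw scanner output still matches."""
    kev = index_kev(feed_json)
    hits = []
    for raw in inventory:
        cve = raw.strip().upper()
        entry = kev.get(cve)
        if entry is None:
            continue  # present in inventory but not KEV-listed: not reported here
        hits.append({"cveID": cve, "product": entry["product"],
                     "dueDate": entry["dueDate"],
                     "overdue": today > date.fromisoformat(entry["dueDate"]),
                     "requiredAction": entry["requiredAction"]})
    return sorted(hits, key=lambda h: (h["dueDate"], h["cveID"]))

if __name__ == "__main__":
    print("added this cycle:", new_kev_entries(OLD_FEED, NEW_FEED))
    # "CVE-0000-0000" is a constructed ID standing in for a finding that is not in KEV.
    for hit in kev_exposure([" cve-2018-5430", "CVE-0000-0000", "CVE-2018-18809"],
                            NEW_FEED, date(2023, 2, 1)):
        print(hit)
```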