CVE-2024-3325 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.2 HIGH	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
tibco	CNA	---				---
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 38%

Vendor	Product	Version
cloud	jasperreports_server	𝑥 ≤ 8.0.4
cloud	jasperreports_server	8.2.0
cloud	jasperreports_server	9.0.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

jasperreports

plucky	dne
oracular	dne
noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-july-9-2024-jasperreports-server-cve-2024-3325-r4/

https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-july-9-2024-jasperreports-server-cve-2024-3325-r4/