Snapshot
Dec. 23, 2022 - Dec. 30, 2022

CISA Known Exploited Vulnerabilities

| CVE | Summary | Severity | Vendor | Date Added |
|---|---|---|---|---|
| CVE-2018-18809 | TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system. | MEDIUM | TIBCO | Dec. 29, 2022 |
| CVE-2018-5430 | TIBCO JasperReports Server contains a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. | MEDIUM | TIBCO | Dec. 29, 2022 |
Vulnerabilities In The News

The number in parentheses after each CVE is the count of news items that mentioned it during the snapshot window.

| CVE | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|
| CVE-2022-27518 (4) | Unauthenticated remote arbitrary code execution | CRITICAL | Citrix | CISA Known Exploited; Actively Exploited; Remote Code Execution |
| CVE-2022-27510 (4) | Unauthorized access to Gateway user capabilities | CRITICAL | Citrix | Risk Context N/A |
| CVE-2022-45359 (3) | Unauthenticated arbitrary file upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. | CRITICAL | Yithemes | Actively Exploited; Remote Code Execution |
| CVE-2022-47939 (2) | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free... | CRITICAL | Linux kernel | Risk Context N/A |
| CVE-2022-40602 (1) | A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00C0 could allow a remote attacker to access the device using ... | CRITICAL | Zyxel | Risk Context N/A |
| CVE-2020-0688 (1) | A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle object... | HIGH | Microsoft | CISA Known Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available |
| CVE-2022-37958 (5) | SPNEGO Extended Negotiation Security Mechanism Information Disclosure Vulnerability. | HIGH | Microsoft | Remote Code Execution; Public Exploits Available |
| CVE-2022-46689 (5) | A race condition was addressed with additional validation. | HIGH | Apple | Remote Code Execution; Public Exploits Available |
| CVE-2018-18809 (3) | The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community... | MEDIUM | TIBCO | CISA Known Exploited |
| CVE-2018-5430 (3) | The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO... | MEDIUM | TIBCO | CISA Known Exploited; Actively Exploited |
CISA Known Exploited Vulnerabilities
CISA added 2 vulnerabilities to the known exploited vulnerabilities list. A KEV listing means CISA has evidence of exploitation in the wild, regardless of the CVSS base score; both entries below are rated MEDIUM, and under BOD 22-01 US federal agencies must still remediate them by the due date CISA attaches to each entry.

TIBCO — JasperReports Library
CVE-2018-18809 / Added: Dec. 29, 2022
MEDIUM CVSS 4.00
TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system.

TIBCO — JasperReports Server
CVE-2018-5430 / Added: Dec. 29, 2022
MEDIUM CVSS 4.00
TIBCO JasperReports Server contains a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2022-27518
CRITICAL CVSS 9.80
CISA Known Exploited; Actively Exploited; Remote Code Execution
Published: Dec. 13, 2022
Unauthenticated remote arbitrary code execution. Per Citrix's advisory, only appliances configured as a SAML service provider or SAML identity provider are affected; check the SAML configuration before assuming an appliance is out of scope.
Vendor Impacted: Citrix
Products Impacted: Application Delivery Controller (ADC) and Gateway, Application Delivery Controller Firm
CVE-2022-27510
CRITICAL CVSS 9.80
Risk Context N/A
Published: Nov. 8, 2022
Unauthorized access to Gateway user capabilities (an authentication bypass). Citrix states the issue applies to appliances configured as a VPN (Gateway).
Vendor Impacted: Citrix
Product Impacted: Application Delivery Controller Firm
CVE-2022-45359
CRITICAL CVSS 9.80
Actively Exploited; Remote Code Execution
Published: Dec. 6, 2022
Unauthenticated arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. An unauthenticated upload on a PHP site is effectively remote code execution, since the uploaded file can be a web shell; sites should check the upload directory for unexpected .php files as well as update the plugin.
Vendor Impacted: Yithemes
Product Impacted: Yith Woocommerce Gift Cards
CVE-2022-47939
CRITICAL CVSS 9.80
Risk Context N/A
Published: Dec. 23, 2022
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT. This is the in-kernel SMB server (ksmbd), not Samba: only hosts that have the ksmbd module loaded and shares exported are reachable, and the fix is in 5.19.2 or a distribution kernel that carries the backport.
Vendor Impacted: Linux kernel
CVE-2022-40602
CRITICAL CVSS 9.80
Risk Context N/A
Published: Nov. 22, 2022
A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.
Vendor Impacted: Zyxel
Products Impacted: Lte3301-M209, Lte3301-M209 Firmware
CVE-2020-0688
HIGH CVSS 8.80
CISA Known Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available
Published: Feb. 11, 2020
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. The memory-corruption wording is Microsoft's generic description; the root cause is a static ASP.NET machineKey (validationKey and decryptionKey) shared by every Exchange installation's Exchange Control Panel (ECP) application, which lets anyone holding valid mailbox credentials forge a signed ViewState that deserializes to code execution as SYSTEM. The February 2020 update replaces the keys.
Vendor Impacted: Microsoft
Products Impacted: Microsoft Exchange Server, Exchange Server
CVE-2022-37958
HIGH CVSS 7.50
Remote Code Execution; Public Exploits Available
Published: Sept. 13, 2022
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability. Microsoft shipped the fix in September 2022 as an information-disclosure bug; in December 2022 IBM X-Force showed it is a pre-authentication remote code execution issue in NEGOEX reachable over any Windows service that negotiates authentication through SPNEGO (SMB and RDP among them), and Microsoft reclassified it as Critical. The September 2022 update remains the fix; the "Remote Code Execution" label reflects the reclassification, not a new patch.
Vendor Impacted: Microsoft
CVE-2022-46689
HIGH CVSS 7.00
Remote Code Execution; Public Exploits Available
Published: Dec. 15, 2022
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. The "Remote Code Execution" label overstates the advisory text, which describes a local issue: an app already running on the device can win the race and gain kernel-level code execution (a local privilege escalation). Public exploit code is available, so the fix versions listed above should be treated as the minimum.
Vendor Impacted: Apple
Products Impacted: Tvos, Ipados, Iphone Os, Watchos, Safari, Macos
CVE-2018-18809
MEDIUM CVSS 4.00
CISA Known Exploited
Published: March 7, 2019
The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.
Vendor Impacted: TIBCO
Products Impacted: Jasperreports Server, Jasperreports Library
CVE-2018-5430
MEDIUM CVSS 4.00
CISA Known Exploited; Actively Exploited
Published: April 17, 2018
The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.
Vendor Impacted: TIBCO
Product Impacted: Jasperreports Server
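The two parts of this snapshot (the KEV additions for the week and the risk-context labels on the "In The News" list) only become useful when they are turned into a patch order. The script below is an added example, not code from this page, from the snapshot's vendor, or from CISA. It pulls the week's additions out of a KEV feed by date window, joins the news list against the catalogue so that KEV membership and known ransomware use come from the feed rather than from hand-entered labels, and ranks the entries so that exploitation evidence outranks CVSS. The feed contents are a constructed excerpt that reuses the field names of the public CISA KEV JSON catalogue (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse), and the scoring weights are an assumption chosen so that any label beats any CVSS difference.

```python
"""Triage helpers for a weekly vulnerability snapshot.

Added example: not code from this page, its vendor, or CISA. The feed
below is a constructed stand-in that uses the field names of the public
CISA KEV JSON catalogue (cveID, vendorProject, product, dateAdded,
dueDate, knownRansomwareCampaignUse); its contents are reduced to the
entries this example needs, and the scoring weights are an assumption.
"""
import json
from datetime import date

# Constructed KEV feed excerpt (real field names, example contents).
KEV_FEED_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2018-18809", "vendorProject": "TIBCO", "product": "JasperReports Library",
         "dateAdded": "2022-12-29", "dueDate": "2023-01-19", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2018-5430", "vendorProject": "TIBCO", "product": "JasperReports Server",
         "dateAdded": "2022-12-29", "dueDate": "2023-01-19", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2022-27518", "vendorProject": "Citrix", "product": "ADC and Gateway",
         "dateAdded": "2022-12-13", "dueDate": "2023-01-03", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2020-0688", "vendorProject": "Microsoft", "product": "Exchange Server",
         "dateAdded": "2021-11-03", "dueDate": "2022-05-03", "knownRansomwareCampaignUse": "Known"},
    ],
})

# The page's "In The News" list: (CVE, CVSS base score, risk-context labels
# shown on the page). KEV membership and ransomware use are NOT entered here;
# they are joined in from the feed by enrich().
NEWS = [
    ("CVE-2022-27518", 9.8, {"actively_exploited", "rce"}),
    ("CVE-2022-27510", 9.8, set()),
    ("CVE-2022-45359", 9.8, {"actively_exploited", "rce"}),
    ("CVE-2022-47939", 9.8, set()),
    ("CVE-2022-40602", 9.8, set()),
    ("CVE-2020-0688", 8.8, {"rce", "public_exploit"}),
    ("CVE-2022-37958", 7.5, {"rce", "public_exploit"}),
    ("CVE-2022-46689", 7.0, {"rce", "public_exploit"}),
    ("CVE-2018-18809", 4.0, set()),
    ("CVE-2018-5430", 4.0, {"actively_exploited"}),
]

# Assumed weights: evidence of exploitation dominates; CVSS only breaks ties.
WEIGHTS = {"kev": 100, "ransomware": 50, "actively_exploited": 40,
           "public_exploit": 30, "rce": 10}


def load_kev(feed_json):
    """Parse the catalogue and index it by CVE id."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def kev_added_between(kev, start_iso, end_iso):
    """CVE ids added to the catalogue within [start, end] (ISO dates), oldest first."""
    start, end = date.fromisoformat(start_iso), date.fromisoformat(end_iso)
    hits = [v for v in kev.values() if start <= date.fromisoformat(v["dateAdded"]) <= end]
    return [v["cveID"] for v in sorted(hits, key=lambda v: v["dateAdded"])]


def enrich(news, kev):
    """Join the news list against the catalogue: add the 'kev' and 'ransomware'
    labels from the feed and carry the BOD 22-01 due date when there is one."""
    items = []
    for cve, cvss, tags in news:
        tags = set(tags)
        entry = kev.get(cve)
        if entry is not None:
            tags.add("kev")
            if entry.get("knownRansomwareCampaignUse") == "Known":
                tags.add("ransomware")
        items.append({"cve": cve, "cvss": cvss, "tags": tags,
                      "due": entry["dueDate"] if entry else None})
    return items


def score(item):
    """Sum of label weights plus the CVSS base score; labels dominate."""
    return sum(WEIGHTS.get(t, 0) for t in item["tags"]) + item["cvss"]


def rank(items):
    """Highest score first; sorted() is stable, so ties keep the page's order."""
    return sorted(items, key=score, reverse=True)


if __name__ == "__main__":
    catalogue = load_kev(KEV_FEED_JSON)
    print("Added to KEV this snapshot:",
          kev_added_between(catalogue, "2022-12-23", "2022-12-30"))
    for item in rank(enrich(NEWS, catalogue)):
        print(f"{item['cve']:<15} {score(item):6.1f}  cvss={item['cvss']:<4} "
              f"due={item['due']}  {sorted(item['tags'])}")
```

Run against the constructed feed, the two MEDIUM TIBCO entries land above every CRITICAL entry that carries no exploitation evidence, and CVE-2020-0688 tops the list because it is in KEV, tied to ransomware, and has public exploit code; the three CRITICAL entries labelled "Risk Context N/A" finish last. Swap KEV_FEED_JSON for the downloaded catalogue to run it against the real feed.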