Is CABI Jaspersoft vulnerable to the CVE-2020-1938 "GhostCat" vulnerability?


Article ID: 185860


Updated On:

Products

CA Spectrum ServiceDesk Server Management Suite Clarity PPM On Premise

Issue/Introduction

Is CABI Jaspersoft vulnerable to the CVE-2020-1938 "GhostCat" vulnerability?

Cause

Out of the box, CABI Jaspersoft is vulnerable to the GhostCat vulnerability.

However, this is only because TIBCO leaves the AJP connector enabled, even though it is not used by Broadcom products.

Environment

All CABI Jaspersoft Versions

Resolution

The AJP connector can be commented out or removed from the server.xml file for CABI Jaspersoft without affecting the product and its integration with Broadcom products.

Simply comment out the AJP connector in the */conf/server.xml file:



.....
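To confirm the change took effect, the following added example (not Broadcom or TIBCO code) parses a server.xml and lists any AJP connector that is still active; a connector inside an XML comment is skipped by the parser and so is not reported. The sample server.xml content, port 8009, the function name and the script name `check_ajp.py` are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a Tomcat-style server.xml with the AJP connector active.
BEFORE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>
"""

AJP_LINE = '<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />'
# The same sample after the fix: the AJP connector is inside an XML comment.
AFTER = BEFORE.replace(AJP_LINE, "<!-- " + AJP_LINE + " -->")


def active_ajp_connectors(server_xml):
    """Return (service name, port) for each AJP connector that is not commented out.

    Accepts str or bytes. ElementTree drops XML comments while parsing, so a
    commented-out connector never shows up here.
    """
    root = ET.fromstring(server_xml)
    hits = []
    for service in root.iter("Service"):
        for conn in service.findall("Connector"):
            # The protocol attribute is either "AJP/1.3" or an AJP handler class
            # name such as org.apache.coyote.ajp.AjpNioProtocol.
            protocol = conn.get("protocol", "")
            if "ajp" in protocol.lower():
                hits.append((service.get("name"), conn.get("port")))
    return hits


if __name__ == "__main__":
    # Usage: python check_ajp.py /path/to/conf/server.xml (no argument = sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else BEFORE
    found = active_ajp_connectors(data)
    for name, port in found:
        print(f"AJP connector still enabled: service={name} port={port}")
    if not found:
        print("No active AJP connector found")
    sys.exit(1 if found else 0)
```

The script exits non-zero while an AJP connector remains enabled, so it can be run after editing server.xml and before restarting the service.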

Additional Information

https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
