
CVE-2022-42889 - JasperSoft Server 7.9


Article ID: 252739


Products

CA Service Desk Manager CA Service Management - Service Desk Manager

Issue/Introduction

CVE-2022-42889 was published in the National Vulnerability Database on 13 October, 2022. More information can be found here: https://nvd.nist.gov/vuln/detail/CVE-2022-42889

The vulnerability is caused by the use of Apache Commons Text 1.5 through 1.9.

Is JasperSoft Server 7.9 vulnerable?

Environment

JasperSoft Server 7.9

All Supported Operating Systems

Resolution

Tibco Support has advised that, to address the CVE-2022-42889 vulnerability in JasperSoft Server 7.9, it is necessary to manually replace the existing JAR file with the updated version:

1.  Download the latest COMMONS-TEXT-1.10.0.jar file from https://commons.apache.org/proper/commons-text/download_text.cgi

2.  Manually replace the old COMMONS-TEXT-1.8.JAR or COMMONS-TEXT-1.9.JAR file with the COMMONS-TEXT-1.10.0.jar file at the following locations:

<Apache Tomcat>/webapps/jasperserver-pro/WEB-INF/lib
<JasperSoft Install>/buildomatic/lib

3.  Recycle the JasperSoft Tomcat service
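
To confirm that step 2 left no affected JAR behind, the directories can be audited by file name. The script below is an added example, not part of the vendor's guidance; it assumes JAR names follow the commons-text-<version>.jar pattern, and `TOMCAT_HOME` and `JASPER_HOME` are placeholder variable names for the two locations above.

```shell
#!/bin/sh
# Added example. Classify a JAR by file name: "affected" for Commons Text
# 1.5 through 1.9, "ok" for other versions, "unknown" if the version cannot
# be parsed, "other" if it is not a commons-text JAR at all.
classify_jar() {
    name=$(basename "$1" | tr '[:upper:]' '[:lower:]')
    case "$name" in
        commons-text-*.jar) ;;
        *) echo other; return 0 ;;
    esac
    ver=${name#commons-text-}; ver=${ver%.jar}
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major.$minor" in
        *[!0-9.]*|.*|*.) echo unknown; return 0 ;;
    esac
    if [ "$major" -eq 1 ] && [ "$minor" -ge 5 ] && [ "$minor" -le 9 ]; then
        echo affected
    else
        echo ok
    fi
}

# Scan the given directories (non-recursive). Prints one line per
# commons-text JAR; returns 1 if any affected JAR is still present.
audit_dirs() {
    found=0
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then echo "missing: $dir"; continue; fi
        for jar in "$dir"/*; do
            [ -f "$jar" ] || continue
            verdict=$(classify_jar "$jar")
            if [ "$verdict" = other ]; then continue; fi
            echo "$verdict: $jar"
            if [ "$verdict" = affected ]; then found=1; fi
        done
    done
    return "$found"
}

# Usage (placeholder variables for the two locations in step 2):
#   sh audit.sh "$TOMCAT_HOME/webapps/jasperserver-pro/WEB-INF/lib" \
#               "$JASPER_HOME/buildomatic/lib"
if [ "$#" -gt 0 ]; then
    audit_dirs "$@" || exit 1
fi
```

The check is by file name only, so a copy of the library under a different name or bundled inside another archive is not detected. Run it again after the Tomcat service has been recycled if the web application is redeployed from a WAR file.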

Additional Information

CVE-2022-42889 - Service Management