search cancel

CVE-2022-42889 - JasperSoft Server 7.9


Article ID: 252739


Updated On:


CA Service Desk Manager CA Service Management - Service Desk Manager


CVE-2022-42889 was published in the National Vulnerability Database on 13 October, 2022.  More information can be found here (

The vulnerability is caused with the use of Apache Commons Text 1.5 through 1.9.  

Is JasperSoft Server 7.9 vulnerable?


JasperSoft Server 7.9

All Supported Operating Systems


Tibco Support has advised that to address the CVE-2022-42889 vulnerability with JasperSoft Server 7.9, is necessary to manually replace the existing JAR file with the updated version:

1.  Download the latest COMMONS-TEXT-1.10.0.jar file from

2.  Manually replace the old COMMONS-TEXT-1.8.JAR or COMMONS-TEXT-1.9.JAR file with the COMMONS-TEXT-1.10.0.jar file at the following locations:

<Apache Tomcat>/webapps/jasperserver-pro/WEB-INF/lib
<JasperSoft Install>/buildomatic/lib

3.  Recycle the JasperSoft Tomcat service

Additional Information

CVE-2022-42889 - Service Management