Is CABI/JasperReports vulnerable to CVE-2023-46589?

Article ID: 277759


Products

DX NetOps CA Spectrum

Issue/Introduction

This article provides information about the CVE-2023-46589 vulnerability in CABI/JasperReports 7.9.x.

  • CABI 7.9.2.3 includes Apache Tomcat 8.5.95, which is vulnerable.
  • CABI 7.9.2.2 includes Apache Tomcat 8.5.93, which is vulnerable.
  • CABI 7.9.2.1 includes Apache Tomcat 8.5.81, which is vulnerable.
  • CABI 7.9.1.1/7.9.1.2 includes Apache Tomcat 8.5.64, which is vulnerable.

Environment

All CABI/JasperReports supported versions

Cause

The following Tomcat versions are affected by this vulnerability:

11.0.0-M1 to 11.0.0-M10
10.1.0-M1 to 10.1.15
9.0.0-M1 to 9.0.82
8.5.0 to 8.5.95

The fixed versions are:

11.0.0-M11
10.1.16
9.0.83
8.5.96
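
A check of a Tomcat version string against the affected ranges listed above, as an added example (not Broadcom's or Apache's code). It handles milestone builds and three-digit patch numbers such as 8.5.100, which plain string comparison orders wrongly. The function names and the sample banner line are assumptions made for illustration.

```python
import re

# Affected ranges (inclusive), copied from the list in this article.
AFFECTED = [
    ("11.0.0-M1", "11.0.0-M10"),
    ("10.1.0-M1", "10.1.15"),
    ("9.0.0-M1", "9.0.82"),
    ("8.5.0", "8.5.95"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(text):
    """Turn '8.5.95' or '11.0.0-M10' into a sortable tuple.

    A milestone build sorts before the final release with the same
    numbers: 11.0.0-M10 < 11.0.0-M11 < 11.0.0.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    # Fourth field: 0 for a milestone, 1 for a final release.
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def in_affected_range(version):
    """True if the version falls inside one of the ranges listed above."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED)


def version_from_banner(line):
    """Extract the version from a banner such as 'Apache Tomcat/8.5.95'."""
    m = re.search(r"Apache Tomcat/(\S+)", line)
    if not m:
        raise ValueError(f"no Tomcat version in: {line!r}")
    return m.group(1)


if __name__ == "__main__":
    # Constructed sample line in the format printed by Tomcat's version script.
    sample = "Server version: Apache Tomcat/8.5.95"
    v = version_from_banner(sample)
    print(v, "affected" if in_affected_range(v) else "not in a listed range")
```

A `False` result only means the version is outside the ranges this article lists; branches the article does not mention are not evaluated.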

Resolution

This vulnerability was fixed in CABI/JasperReports 7.9.2.4, where the embedded Tomcat version was updated to 8.5.100.

To obtain the CABI 7.9.2.4 installer file, please contact the Broadcom Support team.

Additional Information

[F141948]: CABI 7.9.2.4 : Tomcat 8.5.97+ Upgrade (CVE-2023-46589)