Is CABI/JasperReports vulnerable to CVE-2023-46589?
search cancel

Is CABI/JasperReports vulnerable to CVE-2023-46589?

book

Article ID: 277759

calendar_today

Updated On:

Products

DX NetOps CA Spectrum

Issue/Introduction

This article provides info about CVE-2023-46589 vulnerability in CABI/JasperReports 7.9.x.

 

  • The CABI 7.9.2.3 is to be released along with DX NetOps 23.3.5 and will have Apache Tomcat 8.5.95, which is vulnerable.
  • The CABI 7.9.2.2 has Apache Tomcat 8.5.93, which is vulnerable.
  • The CABI 7.9.2.1 has Apache Tomcat 8.5.81, which is vulnerable.
  • The CABI 7.9.1.1/7.9.1.2 has Apache Tomcat 8.5.64, which is vulnerable.

Environment

All CABI/JasperReports supported versions

Cause

The following tomcat versions are affected by this vulnerability:

11.0.0-M1 to 11.0.0-M10
10.1.0-M1 to 10.1.15
9.0.0-M1 to 9.0.82
8.5.0 to 8.5.95

Here are the fixed Version(s):

11.0.0-M11
10.1.16
9.0.83
8.5.96

Resolution

This vulnerability will be fixed in CABI/JasperReports 7.9.2.4. There is no ETA at this time.

[F141948]: CABI 7.9.2.4 : Tomcat 8.5.97+ Upgrade (CVE-2023-46589)