Jaspersoft CVE-2020-1938 "GhostCat" vulnerability and IGA
Article ID: 185905
Updated On:
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
CA Identity Suite
Issue/Introduction
Is CABI Jaspersoft vulnerable by CVE-2020-1938 "GhostCat" vulnerability?
Environment
Release : 14.2
Jasper 6.1, 7.1.1 and above
Component : IGA suite
Resolution
Out of the box, CABI Jaspersoft is vulnerable by this GhostCat vulnerability.
However, this is only due to TIBCO leaving the connector on - though it is not used.
The AJP Connector can be commented out / removed from the server.xml file for CABI Jaspersoft without affecting the product and its integration with Identity Suite.
However, this is only due to TIBCO leaving the connector on - though it is not used.
The AJP Connector can be commented out / removed from the server.xml file for CABI Jaspersoft without affecting the product and its integration with Identity Suite.
Additional Information
https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
https://www.chaitin.cn/en/ghostcat
6.1.0 Jasper is no longer supported by Jasper. It is also recommended you upgrade to Jasper 7.1.1.
Download 7.1.1
https://knowledge.broadcom.com/external/article/143004
https://www.chaitin.cn/en/ghostcat
6.1.0 Jasper is no longer supported by Jasper. It is also recommended you upgrade to Jasper 7.1.1.
Download 7.1.1
https://knowledge.broadcom.com/external/article/143004
PSM Updates for Identity Suite - CA Business Intelligence JasperReports Server 7.1.1
https://community.broadcom.com/enterprisesoftware/blogs/budit02/2020/01/10/psm-updates-for-identity-suite-jaspersoft-711?CommunityKey=783a8a1e-bb2b-473a-a0c3-7be7b1d92c60&tab=recentcommunityblogsdashboardFeedback
Yes
No
Powered by
