search cancel

Jaspersoft CVE-2020-1938 "GhostCat" vulnerability and IGA


Article ID: 185905


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite


Is CABI Jaspersoft vulnerable by CVE-2020-1938 "GhostCat" vulnerability?


Release : 14.2
Jasper 6.1, 7.1.1 and above

Component : IGA suite


Out of the box, CABI Jaspersoft is vulnerable by this GhostCat vulnerability.
However, this is only due to TIBCO leaving the connector on - though it is not used.

The AJP Connector can be commented out / removed from the server.xml file for CABI Jaspersoft without affecting the product and its integration with Identity Suite.

Additional Information

6.1.0 Jasper is no longer supported by Jasper.  It is also recommended you upgrade to Jasper 7.1.1.

Download 7.1.1

PSM Updates for Identity Suite - CA Business Intelligence JasperReports Server 7.1.1