CVE-2024-3325: 
TIBCO JasperReports Server vulnerability analysis and mitigation

A vulnerability has been identified in Jaspersoft JasperReport Servers affecting versions from 8.0.4 through 9.0.0. The vulnerability has been assigned CVE-2024-3325 and received a CVSS v4.0 Base Score of 8.6 (HIGH) (NVD).

The vulnerability is classified as CWE-269 (Improper Privilege Management). It has been assigned a CVSS v4.0 vector string of CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N, indicating that it requires high privileges but can potentially lead to high impacts on confidentiality, integrity, and availability (NVD).

The vulnerability affects the JDBC driver upload functionality in JasperReports Server. When exploited, it could potentially lead to high impacts on system confidentiality, integrity, and availability. However, the actual impact is limited by the fact that the vulnerable functionality is disabled by default (Ubuntu).

The primary mitigation is to ensure that JDBC driver upload functionality remains disabled, which is the default configuration. For systems requiring this functionality, access should be strictly limited to trusted Superusers (Ubuntu).