A serious vulnerability, reported as CVE-2024-10271, has been discovered in TIBCO Jasper Reports. The TIBCO vulnerability report refers only to supported Jasper versions; unsupported versions have not been tested. Based on this report, the vulnerability impacts all supported WorldServer versions with Jasper Reports installed and running, including WorldServer 11.8.0 and later versions (i.e., 11.8.0, 11.8.1, 11.8.2, and 11.8.3).

Note: WorldServer optionally uses Jasper Reports Server as its reporting engine. If Jasper Reports is not installed in your WorldServer environment, you are not affected by this vulnerability.
The resolution for these versions is to upgrade to WorldServer 11.8.3, and then to apply WorldServer 11.8.3 Hotfix 4. The hotfix is available in your secure FTP account. If you have misplaced your account information, please raise a support request via RWS Support Gateway and we can provide you with the details.

The hotfix file is called Reports_11.8.3_HF4.zip. Instructions on how to deploy the hotfix are enclosed in the Readme.txt file included in the zip file. Ensure you read the instructions carefully and take the appropriate backup files where needed.

Earlier versions of WorldServer (version 11.8.0 and below) contain Jasper versions that have not been tested by TIBCO, the developers of Jasper Reports, as these versions are no longer supported. Customers using older WorldServer versions should assume that this vulnerability affects them as well and should upgrade to version 11.8.3. No hotfixes will be provided for unsupported WorldServer versions. This article contains a list of all RWS product versions and their support status: Product Release Policy for TMS and WorldServer

Workaround: If you are unable to upgrade or install the hotfix promptly, consider temporarily disabling Jasper Reports. Step-by-step instructions are in this article: WorldServer - How can I disable Jasper Reports?

For any questions, please open a case through the RWS Support Gateway.