CVE-2017-5529

EPSS 0.31%
Published 29.06.2017 14:29:00
Last modified 20.04.2025 01:37:25
Source security@tibco.com
Teams watchlist Login
Open Login

JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below).

Affected products Warnungen 0 Metrics 4 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Tibco ≫ Jasperreports Library Community Edition Version <= 6.4.0

Tibco ≫ Jasperreports Library For Activematrix Bpm Version <= 6.2.0

Tibco ≫ Jasperreports Professional Version <= 6.2.1

Tibco ≫ Jasperreports Professional Version6.3.0

Tibco ≫ Jasperreports Server Version <= 6.1.1

Tibco ≫ Jasperreports Server Version6.2.0

Tibco ≫ Jasperreports Server Version6.2.1

Tibco ≫ Jasperreports Server Version6.3.0

Tibco ≫ Jasperreports Server Community Edition Version <= 6.3.0

Tibco ≫ Jasperreports Server For Activematrix Bpm Version <= 6.2.0

Tibco ≫ Jaspersoft For Aws With Multi-tenancy Version <= 6.3.0

Tibco ≫ Jaspersoft Reporting And Analytics For Aws Version <= 6.3.0

Tibco ≫ Jaspersoft Studio For Activematrix Bpm Version <= 6.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.31%	0.508

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
security@tibco.com	4.1	2.3	1.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-5529

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5529

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5529

EUVD