CVE-2017-5529
published 2017-06-29

CVE-2017-5529: JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible…

Priority: P4 · 33
Severity: medium, 6.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.33% (67.5th percentile)
JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below).

Affected

26 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| tibco | jasperreports_library_community_edition | <= 6.4.0 | |
| tibco | jasperreports_library_for_activematrix_bpm | <= 6.2.0 | |
| tibco | jasperreports_professional | <= 6.2.1 | |
| tibco | jasperreports_professional | | |
| tibco | jasperreports_server | <= 6.1.1 | |
| tibco | jasperreports_server | | |
| tibco | jasperreports_server | | |
| tibco | jasperreports_server | | |
| tibco | jasperreports_server_community_edition | <= 6.3.0 | |
| tibco | jasperreports_server_for_activematrix_bpm | <= 6.2.0 | |
| tibco | jaspersoft_for_aws_with_multi-tenancy | <= 6.3.0 | |
| tibco | jaspersoft_reporting_and_analytics_for_aws | <= 6.3.0 | |
| tibco | jaspersoft_studio_for_activematrix_bpm | <= 6.2.0 | |
| tibco_software_inc | tibco_jasperreports_library_community_edition | | |
| tibco_software_inc | tibco_jasperreports_library_for_activematrix_bpm | unspecified – 6.2.0 | |
| tibco_software_inc | tibco_jasperreports_professional | | |
| tibco_software_inc | tibco_jasperreports_professional | unspecified – 6.2.1 | |
| tibco_software_inc | tibco_jasperreports_server | | |
| tibco_software_inc | tibco_jasperreports_server | | |
| tibco_software_inc | tibco_jasperreports_server | | |
| tibco_software_inc | tibco_jasperreports_server | unspecified – 6.1.1 | |
| tibco_software_inc | tibco_jasperreports_server_community_edition | unspecified – 6.3.0 | |
| tibco_software_inc | tibco_jasperreports_server_for_activematrix_bpm | unspecified – 6.2.0 | |
| tibco_software_inc | tibco_jaspersoft_for_aws_with_multi-tenancy | unspecified – 6.3.0 | |
| tibco_software_inc | tibco_jaspersoft_reporting_and_analytics_for_aws | unspecified – 6.3.0 | |

CVSS provenance

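| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| osv | | 6.5 | MEDIUM | |
| vendor_redhat | | 4.1 | MEDIUM | |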