CVE-2017-5529Sensitive Information Exposure in Software INC Tibco Jasperreports Library FOR Activematrix BPM

CWE-200Sensitive Information Exposure7 documents6 sources
Severity
6.5MEDIUMNVD
CNA4.1
EPSS
0.3%
top 46.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
18
Tibco Software INC Tibco Jasperreports Library FOR Activematrix BPMTibco Software INC Tibco Jasperreports ProfessionalTibco Software INC Tibco Jasperreports Server+15 more
Timeline
PublishedJun 29
Latest updateMay 14

Description

JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0),

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages17 packages

🔴Vulnerability Details

3
GHSA
GHSA-c4qf-w393-rfcw: JasperReports library components contain an information disclosure vulnerability2022-05-14
OSV
CVE-2017-5529: JasperReports library components contain an information disclosure vulnerability2017-06-29
CVEList
TIBCO JasperReports Library Information Disclosure2017-06-29

📋Vendor Advisories

1
Red Hat
jasperreports: Information disclosure vulnerability2017-06-28

💬Community

2
Bugzilla
CVE-2017-5529 jasperreports: Information disclosure vulnerability2017-07-24
Bugzilla
CVE-2017-5528 CVE-2017-5529 jasperreports: various flaws [fedora-all]2017-07-24
CVE-2017-5529 — Sensitive Information Exposure | cvebase