CVE-2017-5529
Published 2017-06-29
Priority P4 · 33 · medium · 6.5 (CVSS 3.0)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.33% (67.5th percentile)
JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below).
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tibco | jasperreports_library_community_edition | <= 6.4.0 | — |
| tibco | jasperreports_library_for_activematrix_bpm | <= 6.2.0 | — |
| tibco | jasperreports_professional | <= 6.2.1 | — |
| tibco | jasperreports_professional | — | — |
| tibco | jasperreports_server | <= 6.1.1 | — |
| tibco | jasperreports_server | — | — |
| tibco | jasperreports_server | — | — |
| tibco | jasperreports_server | — | — |
| tibco | jasperreports_server_community_edition | <= 6.3.0 | — |
| tibco | jasperreports_server_for_activematrix_bpm | <= 6.2.0 | — |
| tibco | jaspersoft_for_aws_with_multi-tenancy | <= 6.3.0 | — |
| tibco | jaspersoft_reporting_and_analytics_for_aws | <= 6.3.0 | — |
| tibco | jaspersoft_studio_for_activematrix_bpm | <= 6.2.0 | — |
| tibco_software_inc | tibco_jasperreports_library_community_edition | — | — |
| tibco_software_inc | tibco_jasperreports_library_for_activematrix_bpm | unspecified – 6.2.0 | — |
| tibco_software_inc | tibco_jasperreports_professional | — | — |
| tibco_software_inc | tibco_jasperreports_professional | unspecified – 6.2.1 | — |
| tibco_software_inc | tibco_jasperreports_server | — | — |
| tibco_software_inc | tibco_jasperreports_server | — | — |
| tibco_software_inc | tibco_jasperreports_server | — | — |
| tibco_software_inc | tibco_jasperreports_server | unspecified – 6.1.1 | — |
| tibco_software_inc | tibco_jasperreports_server_community_edition | unspecified – 6.3.0 | — |
| tibco_software_inc | tibco_jasperreports_server_for_activematrix_bpm | unspecified – 6.2.0 | — |
| tibco_software_inc | tibco_jaspersoft_for_aws_with_multi-tenancy | unspecified – 6.3.0 | — |
| tibco_software_inc | tibco_jaspersoft_reporting_and_analytics_for_aws | unspecified – 6.3.0 | — |
CVSS provenance
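| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| osv | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 4.1 | MEDIUM | — |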
GHSA
GHSA-c4qf-w393-rfcw: JasperReports library components contain an information disclosure vulnerability
ghsa_unreviewed·2022-05-14
CVE-2017-5529 [MEDIUM] CWE-200 GHSA-c4qf-w393-rfcw: JasperReports library components contain an information disclosure vulnerability
OSV
CVE-2017-5529: JasperReports library components contain an information disclosure vulnerability
osv·2017-06-29·CVSS 6.5
CVE-2017-5529 [MEDIUM] CVE-2017-5529: JasperReports library components contain an information disclosure vulnerability
Red Hat
jasperreports: Information disclosure vulnerability
vendor_redhat·2017-06-28·CVSS 4.1
CVE-2017-5529 [MEDIUM] CWE-200 jasperreports: Information disclosure vulnerability
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-5529 jasperreports: Information disclosure vulnerability
bugzilla·2017-07-24·CVSS 4.1
CVE-2017-5529 [MEDIUM] CVE-2017-5529 jasperreports: Information disclosure vulnerability
Bugzilla
CVE-2017-5528 CVE-2017-5529 jasperreports: various flaws [fedora-all]
bugzilla·2017-07-24·CVSS 8.8
CVE-2017-5528 [HIGH] CVE-2017-5528 CVE-2017-5529 jasperreports: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedo
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0
Published: 2017-06-29