CVE-2017-5533
published 2017-11-15


Priority: P351 | critical | 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.98% (78.1th percentile)

A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tibco | jasperreports_server | | |
| tibco | jaspersoft | | |
| tibco | jaspersoft_reporting_and_analytics | | |
| tibco_software_inc | tibco_jasperreports_server | | |
| tibco_software_inc | tibco_jasperreports_server_community_edition | | |
| tibco_software_inc | tibco_jasperreports_server_for_activematrix_bpm | | |
| tibco_software_inc | tibco_jaspersoft_for_aws_with_multi-tenancy | | |
| tibco_software_inc | tibco_jaspersoft_reporting_and_analytics_for_aws | | |

CVSS provenance

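| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 9.8 | CRITICAL | |
| vendor_oracle | | 7.5 | CRITICAL | |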