CVE-2017-5533: Software INC Tibco Jasperreports Server vulnerability

7 documents, 6 sources

Severity: 9.8 CRITICAL (NVD); CNA: 9.3
EPSS: 0.5% (top 33.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 15; Latest update May 13

Description

A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Communit

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

🔴 Vulnerability Details (3)

GHSA: GHSA-27wc-fr9j-8x58: A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server fo (2022-05-13)
CVEList: TIBCO JasperReports Server credentials disclosure (2017-11-15)
OSV: CVE-2017-5533: A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server fo (2017-11-15)

📋 Vendor Advisories (1)

Oracle: Oracle Oracle Retail Applications Risk Matrix: Point of Sale (JasperReports) — CVE-2017-5533 (2020-04-15)

💬 Community (2)

Bugzilla: CVE-2017-5532 CVE-2017-5533 jasperreports: various flaws [fedora-all] (2017-11-23)
Bugzilla: CVE-2017-5533 jasperreports: Information disclosure in content cache (2017-11-23)
CVE-2017-5533 — CRITICAL severity | cvebase