History: Nov 17, 2017 - 12:00 a.m.

CVE-2017-5533

2017-11-17 00:00:00
web.nvd.nist.gov
tibco jasperreports server
vulnerability
remote access
content cache
configuration files
nvd
cve-2017-5533

CVSS2: 5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.2 High
Confidence: High

EPSS: 0.004 Low
Percentile: 74.5%

The server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, and TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0.

Affected configurations

NVD
Node
tibco | jasperreports_server | Match 6.4.0
OR
tibco | jasperreports_server | Match 6.4.0 | activematrix_bpm
OR
tibco | jasperreports_server | Match 6.4.0 | community
Node
tibco | jaspersoft | Match 6.4.0 | aws_with_multi-tenancy
OR
tibco | jaspersoft_reporting_and_analytics | Match 6.4.0 | aws

CNA Affected

[
  {
    "product": "TIBCO JasperReports Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.4.0"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server Community Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.4.0"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server for ActiveMatrix BPM",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.4.0"
      }
    ]
  },
  {
    "product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.4.0"
      }
    ]
  },
  {
    "product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.4.0"
      }
    ]
  }
]
