EUVD-2017-14631

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Multiple JasperReports Server components are vulnerable to XSS and CSRF attacks exposing sensitive data.

Reporter	Title	Published	Views	Family All 13
CNVD	Cross-Site Scripting Vulnerability in Multiple TIBCO Products	3 Jul 201700:00	–	cnvd
CVE	CVE-2017-5528	29 Jun 201714:00	–	cve
Cvelist	CVE-2017-5528 TIBCO JasperReports Server cross-site vulnerabilities	29 Jun 201714:00	–	cvelist
Debian CVE	CVE-2017-5528	29 Jun 201714:00	–	debiancve
NVD	CVE-2017-5528	29 Jun 201714:29	–	nvd
OpenVAS	TIBCO JasperReports < 6.4.0 Multiple Vulnerabilities	5 Jul 201700:00	–	openvas
OSV	UBUNTU-CVE-2017-5528	29 Jun 201714:29	–	osv
Prion	Cross site request forgery (csrf)	29 Jun 201714:29	–	prion
Tenable Nessus	RHEL 7 : jasperrreports (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	RHEL 7 : jasperreports-server-pro (Unpatched Vulnerability)	3 Jun 202400:00	–	nessus

[
  {
    "enisaIdVendor": [
      {
        "id": "012d0d2f-a88f-3404-b86d-fdad8458d1b2",
        "vendor": {
          "name": "TIBCO Software Inc."
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "149ed439-a8bb-3a41-8302-0dddbc19ab57",
        "product": {
          "name": "TIBCO JasperReports Server"
        },
        "product_version": "6.3.0"
      },
      {
        "id": "15f8c0a3-bec3-3de5-9ca0-6c2a29e9f349",
        "product": {
          "name": "TIBCO JasperReports Server"
        },
        "product_version": "6.2.0"
      },
      {
        "id": "1df43944-6e1f-3b1b-b544-a8cea19d6c10",
        "product": {
          "name": "TIBCO JasperReports Server Community Edition"
        },
        "product_version": "unspecified ≤6.3.0"
      },
      {
        "id": "4717ddea-c3ab-3248-81ba-56d57e40f766",
        "product": {
          "name": "TIBCO JasperReports Server"
        },
        "product_version": "6.2.1"
      },
      {
        "id": "4873772f-5697-3d84-a177-b116f77ae9d7",
        "product": {
          "name": "TIBCO Jaspersoft Reporting and Analytics for AWS"
        },
        "product_version": "unspecified ≤6.3.0"
      },
      {
        "id": "492ceec7-9162-3ae6-a9f2-c8d3b9f5d362",
        "product": {
          "name": "TIBCO Jaspersoft for AWS with Multi-Tenancy"
        },
        "product_version": "unspecified ≤6.3.0"
      },
      {
        "id": "d2f93c70-016b-3956-9a42-063ae6b9345b",
        "product": {
          "name": "TIBCO JasperReports Server for ActiveMatrix BPM"
        },
        "product_version": "unspecified ≤6.2.0"
      },
      {
        "id": "f4ffb9b3-c840-357d-8ab5-65fe1cef0086",
        "product": {
          "name": "TIBCO JasperReports Server"
        },
        "product_version": "unspecified ≤6.1.1"
      }
    ]
  }
]

Source	Link
tibco	www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6Medium risk

Vulners AI Score6

CVSS 35.7

CVSS 26.8

CVSS 3.18.8

EPSS0.00135