Lucene search

[email protected]NVD:CVE-2017-5529

HistoryJun 29, 2017 - 2:29 p.m.

CVE-2017-5529

2017-06-2914:29:00

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

47.4%

JSON

JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below).

Affected configurations

Nvd

Node

tibcojasperreports_library_community_editionRange≤6.4.0

Node

tibcojasperreports_library_for_activematrix_bpmRange≤6.2.0

Node

tibcojasperreports_professionalRange≤6.2.1

tibcojasperreports_professionalMatch6.3.0

Node

tibcojasperreports_serverRange≤6.1.1

tibcojasperreports_serverMatch6.2.0

tibcojasperreports_serverMatch6.2.1

tibcojasperreports_serverMatch6.3.0

Node

tibcojasperreports_server_community_editionRange≤6.3.0

Node

tibcojasperreports_server_for_activematrix_bpmRange≤6.2.0

Node

tibcojaspersoft_for_aws_with_multi-tenancyRange≤6.3.0

Node

tibcojaspersoft_reporting_and_analytics_for_awsRange≤6.3.0

Node

tibcojaspersoft_studio_for_activematrix_bpmRange≤6.2.0

VendorProductVersionCPE
tibcojasperreports_library_community_edition*cpe:2.3:a:tibco:jasperreports_library_community_edition:*:*:*:*:*:*:*:*
tibcojasperreports_library_for_activematrix_bpm*cpe:2.3:a:tibco:jasperreports_library_for_activematrix_bpm:*:*:*:*:*:*:*:*
tibcojasperreports_professional*cpe:2.3:a:tibco:jasperreports_professional:*:*:*:*:*:*:*:*
tibcojasperreports_professional6.3.0cpe:2.3:a:tibco:jasperreports_professional:6.3.0:*:*:*:*:*:*:*
tibcojasperreports_server*cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:*:*:*
tibcojasperreports_server6.2.0cpe:2.3:a:tibco:jasperreports_server:6.2.0:*:*:*:*:*:*:*
tibcojasperreports_server6.2.1cpe:2.3:a:tibco:jasperreports_server:6.2.1:*:*:*:*:*:*:*
tibcojasperreports_server6.3.0cpe:2.3:a:tibco:jasperreports_server:6.3.0:*:*:*:*:*:*:*
tibcojasperreports_server_community_edition*cpe:2.3:a:tibco:jasperreports_server_community_edition:*:*:*:*:*:*:*:*
tibcojasperreports_server_for_activematrix_bpm*cpe:2.3:a:tibco:jasperreports_server_for_activematrix_bpm:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tibco	jasperreports_library_community_edition	*	cpe:2.3:a:tibco:jasperreports_library_community_edition::::::::
tibco	jasperreports_library_for_activematrix_bpm	*	cpe:2.3:a:tibco:jasperreports_library_for_activematrix_bpm::::::::
tibco	jasperreports_professional	*	cpe:2.3:a:tibco:jasperreports_professional::::::::
tibco	jasperreports_professional	6.3.0	cpe:2.3:a:tibco:jasperreports_professional:6.3.0:::::::*
tibco	jasperreports_server	*	cpe:2.3:a:tibco:jasperreports_server::::::::
tibco	jasperreports_server	6.2.0	cpe:2.3:a:tibco:jasperreports_server:6.2.0:::::::*
tibco	jasperreports_server	6.2.1	cpe:2.3:a:tibco:jasperreports_server:6.2.1:::::::*
tibco	jasperreports_server	6.3.0	cpe:2.3:a:tibco:jasperreports_server:6.3.0:::::::*
tibco	jasperreports_server_community_edition	*	cpe:2.3:a:tibco:jasperreports_server_community_edition::::::::
tibco	jasperreports_server_for_activematrix_bpm	*	cpe:2.3:a:tibco:jasperreports_server_for_activematrix_bpm::::::::