Lucene search

K
nvd[email protected]NVD:CVE-2017-5533
HistoryNov 15, 2017 - 9:29 p.m.

CVE-2017-5533

2017-11-1521:29:00
web.nvd.nist.gov
2

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.004

Percentile

74.5%

A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0.

Affected configurations

Nvd
Node
tibcojasperreports_serverMatch6.4.0
OR
tibcojasperreports_serverMatch6.4.0activematrix_bpm
OR
tibcojasperreports_serverMatch6.4.0community
Node
tibcojaspersoftMatch6.4.0aws_with_multi-tenancy
OR
tibcojaspersoft_reporting_and_analyticsMatch6.4.0aws
VendorProductVersionCPE
tibcojasperreports_server6.4.0cpe:2.3:a:tibco:jasperreports_server:6.4.0:*:*:*:*:*:*:*
tibcojasperreports_server6.4.0cpe:2.3:a:tibco:jasperreports_server:6.4.0:*:*:*:*:activematrix_bpm:*:*
tibcojasperreports_server6.4.0cpe:2.3:a:tibco:jasperreports_server:6.4.0:*:*:*:community:*:*:*
tibcojaspersoft6.4.0cpe:2.3:a:tibco:jaspersoft:6.4.0:*:*:*:*:aws_with_multi-tenancy:*:*
tibcojaspersoft_reporting_and_analytics6.4.0cpe:2.3:a:tibco:jaspersoft_reporting_and_analytics:6.4.0:*:*:*:*:aws:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.004

Percentile

74.5%