cnvd - cnvd-2018-12933

CNVD-2018-12933

Vulnerability from cnvd - Published: 2018-07-12

Title

多款TIBCO产品信息泄露漏洞（CNVD-2018-12933）

Description

TIBCO JasperReports Library Community Edition等都是美国TIBCO软件公司的产品。TIBCO JasperReports Library Community Edition是一个报表生成编辑工具的社区版，TIBCO JasperReports Server是它的服务器版。多款TIBCO产品中存在信息泄露漏洞。攻击者可利用该漏洞获取主机文件系统中可访问的信息。

Severity

中

Patch Name

多款TIBCO产品信息泄露漏洞（CNVD-2018-12933）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0

Reference

http://www.securityfocus.com/bid/100473

Impacted products

Name
['TIBCO Jaspersoft Reporting and Analytics for AWS 6.3', 'TIBCO Jaspersoft Reporting and Analytics for AWS 6.1', 'TIBCO Jaspersoft for AWS with Multi-Tenancy 6.3', 'TIBCO Jaspersoft for AWS with Multi-Tenancy 6.1', 'TIBCO JasperReports Server for ActiveMatrix BPM 6.2', 'TIBCO JasperReports Server for ActiveMatrix BPM 6.1.1', 'TIBCO JasperReports Server for ActiveMatrix BPM 5.6.1', 'TIBCO JasperReports Server Community Edition 6.3', 'TIBCO JasperReports Server Community Edition 6.2', 'TIBCO JasperReports Server Community Edition 6.1', 'TIBCO JasperReports Server Community Edition 6.0.1', 'TIBCO JasperReports Server Community Edition 5.6', 'TIBCO JasperReports Server Community Edition 5.5', 'TIBCO JasperReports Server Community Edition 5.2', 'TIBCO JasperReports Server Community Edition 4.2.1', 'TIBCO JasperReports Server Community Edition 3.7', 'TIBCO JasperReports Library Community Edition 5.0', 'TIBCO JasperReports Library Community Edition 5.0.4', 'TIBCO JasperReports Library Community Edition 5.1', 'TIBCO JasperReports Library Community Edition 5.1.2', 'TIBCO JasperReports Library Community Edition 5.5', 'TIBCO JasperReports Library Community Edition 5.5.2', 'TIBCO JasperReports Library Community Edition 5.6', 'TIBCO JasperReports Library Community Edition 5.6.1', 'TIBCO JasperReports Library Community Edition 6.0', 'TIBCO JasperReports Library Community Edition 6.0.4', 'TIBCO JasperReports Library Community Edition 6.1', 'TIBCO JasperReports Library Community Edition 6.1.1', 'TIBCO JasperReports Library Community Edition 6.2', 'TIBCO JasperReports Library Community Edition 6.2.2', 'TIBCO JasperReports Library Community Edition 6.3', 'TIBCO JasperReports Library Community Edition 6.3.1', 'TIBCO JasperReports Library Community Edition 6.4', 'TIBCO JasperReports Library for ActiveMatrix BPM 3.7', 'TIBCO JasperReports Library for ActiveMatrix BPM 4.0', 'TIBCO JasperReports Library for ActiveMatrix BPM 4.1', 'TIBCO JasperReports Library for ActiveMatrix BPM 4.2', 'TIBCO JasperReports Library for ActiveMatrix BPM 4.5', 'TIBCO JasperReports Library for ActiveMatrix BPM 4.7', 'TIBCO JasperReports Library for ActiveMatrix BPM 5.0', 'TIBCO JasperReports Library for ActiveMatrix BPM 5.2', 'TIBCO JasperReports Library for ActiveMatrix BPM 5.5', 'TIBCO JasperReports Library for ActiveMatrix BPM 5.6', 'TIBCO JasperReports Library for ActiveMatrix BPM 6.0', 'TIBCO JasperReports Library for ActiveMatrix BPM 6.1', 'TIBCO JasperReports Library for ActiveMatrix BPM 6.2', 'TIBCO JasperReports Professional 6.2', 'TIBCO JasperReports Professional 6.2.1', 'TIBCO JasperReports Professional 6.3', 'TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.2']

Name

['TIBCO Jaspersoft Reporting and Analytics for AWS 6.3', 'TIBCO Jaspersoft Reporting and Analytics for AWS 6.1', 'TIBCO Jaspersoft for AWS with Multi-Tenancy 6.3', 'TIBCO Jaspersoft for AWS with Multi-Tenancy 6.1', 'TIBCO JasperReports Server for ActiveMatrix BPM 6.2', 'TIBCO JasperReports Server for ActiveMatrix BPM 6.1.1', 'TIBCO JasperReports Server for ActiveMatrix BPM 5.6.1', 'TIBCO JasperReports Server Community Edition 6.3', 'TIBCO JasperReports Server Community Edition 6.2', 'TIBCO JasperReports Server Community Edition 6.1', 'TIBCO JasperReports Server Community Edition 6.0.1', 'TIBCO JasperReports Server Community Edition 5.6', 'TIBCO JasperReports Server Community Edition 5.5', 'TIBCO JasperReports Server Community Edition 5.2', 'TIBCO JasperReports Server Community Edition 4.2.1', 'TIBCO JasperReports Server Community Edition 3.7', 'TIBCO JasperReports Library Community Edition 5.0', 'TIBCO JasperReports Library Community Edition 5.0.4', 'TIBCO JasperReports Library Community Edition 5.1', 'TIBCO JasperReports Library Community Edition 5.1.2', 'TIBCO JasperReports Library Community Edition 5.5', 'TIBCO JasperReports Library Community Edition 5.5.2', 'TIBCO JasperReports Library Community Edition 5.6', 'TIBCO JasperReports Library Community Edition 5.6.1', 'TIBCO JasperReports Library Community Edition 6.0', 'TIBCO JasperReports Library Community Edition 6.0.4', 'TIBCO JasperReports Library Community Edition 6.1', 'TIBCO JasperReports Library Community Edition 6.1.1', 'TIBCO JasperReports Library Community Edition 6.2', 'TIBCO JasperReports Library Community Edition 6.2.2', 'TIBCO JasperReports Library Community Edition 6.3', 'TIBCO JasperReports Library Community Edition 6.3.1', 'TIBCO JasperReports Library Community Edition 6.4', 'TIBCO JasperReports Library for ActiveMatrix BPM 3.7', 'TIBCO JasperReports Library for ActiveMatrix BPM 4.0', 'TIBCO JasperReports Library for ActiveMatrix BPM 4.1', 'TIBCO JasperReports Library for ActiveMatrix BPM 4.2', 'TIBCO JasperReports Library for ActiveMatrix BPM 4.5', 'TIBCO JasperReports Library for ActiveMatrix BPM 4.7', 'TIBCO JasperReports Library for ActiveMatrix BPM 5.0', 'TIBCO JasperReports Library for ActiveMatrix BPM 5.2', 'TIBCO JasperReports Library for ActiveMatrix BPM 5.5', 'TIBCO JasperReports Library for ActiveMatrix BPM 5.6', 'TIBCO JasperReports Library for ActiveMatrix BPM 6.0', 'TIBCO JasperReports Library for ActiveMatrix BPM 6.1', 'TIBCO JasperReports Library for ActiveMatrix BPM 6.2', 'TIBCO JasperReports Professional 6.2', 'TIBCO JasperReports Professional 6.2.1', 'TIBCO JasperReports Professional 6.3', 'TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "100473"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5529",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5529"
    }
  },
  "description": "TIBCO JasperReports Library Community Edition\u7b49\u90fd\u662f\u7f8e\u56fdTIBCO\u8f6f\u4ef6\u516c\u53f8\u7684\u4ea7\u54c1\u3002TIBCO JasperReports Library Community Edition\u662f\u4e00\u4e2a\u62a5\u8868\u751f\u6210\u7f16\u8f91\u5de5\u5177\u7684\u793e\u533a\u7248\uff0cTIBCO JasperReports Server\u662f\u5b83\u7684\u670d\u52a1\u5668\u7248\u3002\r\n\r\n\u591a\u6b3eTIBCO\u4ea7\u54c1\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4e3b\u673a\u6587\u4ef6\u7cfb\u7edf\u4e2d\u53ef\u8bbf\u95ee\u7684\u4fe1\u606f\u3002",
  "discovererName": "TIBCO",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-12933",
  "openTime": "2018-07-12",
  "patchDescription": "TIBCO JasperReports Library Community Edition\u7b49\u90fd\u662f\u7f8e\u56fdTIBCO\u8f6f\u4ef6\u516c\u53f8\u7684\u4ea7\u54c1\u3002TIBCO JasperReports Library Community Edition\u662f\u4e00\u4e2a\u62a5\u8868\u751f\u6210\u7f16\u8f91\u5de5\u5177\u7684\u793e\u533a\u7248\uff0cTIBCO JasperReports Server\u662f\u5b83\u7684\u670d\u52a1\u5668\u7248\u3002\r\n\r\n\u591a\u6b3eTIBCO\u4ea7\u54c1\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4e3b\u673a\u6587\u4ef6\u7cfb\u7edf\u4e2d\u53ef\u8bbf\u95ee\u7684\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eTIBCO\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-12933\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "TIBCO Jaspersoft Reporting and Analytics for AWS 6.3",
      "TIBCO Jaspersoft Reporting and Analytics for AWS 6.1",
      "TIBCO Jaspersoft for AWS with Multi-Tenancy 6.3",
      "TIBCO Jaspersoft for AWS with Multi-Tenancy 6.1",
      "TIBCO JasperReports Server for ActiveMatrix BPM 6.2",
      "TIBCO JasperReports Server for ActiveMatrix BPM 6.1.1",
      "TIBCO JasperReports Server for ActiveMatrix BPM 5.6.1",
      "TIBCO JasperReports Server Community Edition 6.3",
      "TIBCO JasperReports Server Community Edition 6.2",
      "TIBCO JasperReports Server Community Edition 6.1",
      "TIBCO JasperReports Server Community Edition 6.0.1",
      "TIBCO JasperReports Server Community Edition 5.6",
      "TIBCO JasperReports Server Community Edition 5.5",
      "TIBCO JasperReports Server Community Edition 5.2",
      "TIBCO JasperReports Server Community Edition 4.2.1",
      "TIBCO JasperReports Server Community Edition 3.7",
      "TIBCO JasperReports Library Community Edition 5.0",
      "TIBCO JasperReports Library Community Edition 5.0.4",
      "TIBCO JasperReports Library Community Edition 5.1",
      "TIBCO JasperReports Library Community Edition 5.1.2",
      "TIBCO JasperReports Library Community Edition 5.5",
      "TIBCO JasperReports Library Community Edition 5.5.2",
      "TIBCO JasperReports Library Community Edition 5.6",
      "TIBCO JasperReports Library Community Edition 5.6.1",
      "TIBCO JasperReports Library Community Edition 6.0",
      "TIBCO JasperReports Library Community Edition 6.0.4",
      "TIBCO JasperReports Library Community Edition 6.1",
      "TIBCO JasperReports Library Community Edition 6.1.1",
      "TIBCO JasperReports Library Community Edition 6.2",
      "TIBCO JasperReports Library Community Edition 6.2.2",
      "TIBCO JasperReports Library Community Edition 6.3",
      "TIBCO JasperReports Library Community Edition 6.3.1",
      "TIBCO JasperReports Library Community Edition 6.4",
      "TIBCO JasperReports Library for ActiveMatrix BPM 3.7",
      "TIBCO JasperReports Library for ActiveMatrix BPM 4.0",
      "TIBCO JasperReports Library for ActiveMatrix BPM 4.1",
      "TIBCO JasperReports Library for ActiveMatrix BPM 4.2",
      "TIBCO JasperReports Library for ActiveMatrix BPM 4.5",
      "TIBCO JasperReports Library for ActiveMatrix BPM 4.7",
      "TIBCO JasperReports Library for ActiveMatrix BPM 5.0",
      "TIBCO JasperReports Library for ActiveMatrix BPM 5.2",
      "TIBCO JasperReports Library for ActiveMatrix BPM 5.5",
      "TIBCO JasperReports Library for ActiveMatrix BPM 5.6",
      "TIBCO JasperReports Library for ActiveMatrix BPM 6.0",
      "TIBCO JasperReports Library for ActiveMatrix BPM 6.1",
      "TIBCO JasperReports Library for ActiveMatrix BPM 6.2",
      "TIBCO JasperReports Professional 6.2",
      "TIBCO JasperReports Professional 6.2.1",
      "TIBCO JasperReports Professional 6.3",
      "TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.2"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/100473",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-14",
  "title": "\u591a\u6b3eTIBCO\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-12933\uff09"
}

CVE-2017-5529 (GCVE-0-2017-5529)

Vulnerability from cvelistv5 – Published: 2017-06-29 14:00 – Updated: 2024-09-17 02:52

Title

TIBCO JasperReports Library Information Disclosure

Summary

JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below).

Severity ?

4.1 (Medium)


                        
                          CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:C/UI:R

CWE

Information disclosure

Assigner

tibco

References

URL

Tags

	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	https://www.tibco.com/support/advisories/2017/06/…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC

Impacted products

Vendor

Product

Version

TIBCO Software Inc.

TIBCO JasperReports Library Community Edition

Affected: 6.4.0

TIBCO Software Inc.	TIBCO JasperReports Library for ActiveMatrix BPM	Affected: unspecified , ≤ 6.2.0 (custom)
TIBCO Software Inc.	TIBCO JasperReports Professional	Affected: unspecified , ≤ 6.2.1 (custom) Affected: 6.3.0
TIBCO Software Inc.	TIBCO JasperReports Server	Affected: unspecified , ≤ 6.1.1 (custom) Affected: 6.2.0 Affected: 6.2.1 Affected: 6.3.0
TIBCO Software Inc.	TIBCO JasperReports Server Community Edition	Affected: unspecified , ≤ 6.3.0 (custom)
TIBCO Software Inc.	TIBCO JasperReports Server for ActiveMatrix BPM	Affected: unspecified , ≤ 6.2.0 (custom)
TIBCO Software Inc.	TIBCO Jaspersoft for AWS with Multi-Tenancy	Affected: unspecified , ≤ 6.3.0 (custom)
TIBCO Software Inc.	TIBCO Jaspersoft Reporting and Analytics for AWS	Affected: unspecified , ≤ 6.3.0 (custom)
TIBCO Software Inc.	TIBCO Jaspersoft Studio for ActiveMatrix BPM	Affected: unspecified , ≤ 6.2.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:04:15.353Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO JasperReports Library Community Edition",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "6.4.0"
            }
          ]
        },
        {
          "product": "TIBCO JasperReports Library for ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "6.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO JasperReports Professional",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "6.2.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.3.0"
            }
          ]
        },
        {
          "product": "TIBCO JasperReports Server",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "6.1.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.2.0"
            },
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "6.3.0"
            }
          ]
        },
        {
          "product": "TIBCO JasperReports Server Community Edition",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "6.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO JasperReports Server for ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "6.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "6.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Jaspersoft Reporting and Analytics for AWS",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "6.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TIBCO Jaspersoft Studio for ActiveMatrix BPM",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "6.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2017-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:C/UI:R",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T21:06:41",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        }
      ],
      "title": "TIBCO JasperReports Library Information Disclosure",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@tibco.com",
          "DATE_PUBLIC": "2017-06-28T09:00:00-07",
          "ID": "CVE-2017-5529",
          "STATE": "PUBLIC",
          "TITLE": "TIBCO JasperReports Library Information Disclosure"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TIBCO JasperReports Library Community Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.4.0",
                            "versions_affected": "\u003c="
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO JasperReports Library for ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO JasperReports Professional",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.2.1"
                          },
                          {
                            "version_value": "6.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO JasperReports Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.1.1"
                          },
                          {
                            "version_value": "6.2.0"
                          },
                          {
                            "version_value": "6.2.1"
                          },
                          {
                            "version_value": "6.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO JasperReports Server Community Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TIBCO Jaspersoft Studio for ActiveMatrix BPM",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TIBCO Software Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below)."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "C",
              "UI": "R"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0",
              "refsource": "CONFIRM",
              "url": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2017-5529",
    "datePublished": "2017-06-29T14:00:00Z",
    "dateReserved": "2017-01-19T00:00:00",
    "dateUpdated": "2024-09-17T02:52:33.674Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-12933

CVE-2017-5529 (GCVE-0-2017-5529)

Tags

Sightings

Nomenclature