FKIE_CVE-2017-5529

Vulnerability from fkie_nvd - Published: 2017-06-29 14:29 - Updated: 2025-04-20 01:37
Severity ?
4.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below).
References
security@tibco.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
security@tibco.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
security@tibco.comhttps://www.oracle.com/security-alerts/cpuapr2020.html
security@tibco.comhttps://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.html
af854a3a-2127-422b-91ae-364da2661108https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0Vendor Advisory
Impacted products
Vendor Product Version
tibco jasperreports_library_community_edition *
tibco jasperreports_library_for_activematrix_bpm *
tibco jasperreports_professional *
tibco jasperreports_professional 6.3.0
tibco jasperreports_server *
tibco jasperreports_server 6.2.0
tibco jasperreports_server 6.2.1
tibco jasperreports_server 6.3.0
tibco jasperreports_server_community_edition *
tibco jasperreports_server_for_activematrix_bpm *
tibco jaspersoft_for_aws_with_multi-tenancy *
tibco jaspersoft_reporting_and_analytics_for_aws *
tibco jaspersoft_studio_for_activematrix_bpm *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:jasperreports_library_community_edition:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BADDE3-0215-4B61-9EF4-EBEBCDDC618F",
              "versionEndIncluding": "6.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:jasperreports_library_for_activematrix_bpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C41772A-63F9-4CCD-8DBE-105F8A2EF59B",
              "versionEndIncluding": "6.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:jasperreports_professional:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "053B3DCB-B3DA-4257-940D-D95041266461",
              "versionEndIncluding": "6.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:jasperreports_professional:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "117FDD9C-EC7B-4102-B90C-5B3BF67143C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB779293-3B1E-4EFA-9949-194F50DF7829",
              "versionEndIncluding": "6.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:jasperreports_server:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1A9B006-2D34-4F4B-90D2-3AA6F4008C5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:jasperreports_server:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09B3F43A-CBE2-4E1C-B2D8-CABDDE37E639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:jasperreports_server:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF00ED7-2B4C-4043-A061-84ADFB785C92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:jasperreports_server_community_edition:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FAD9BF-8E18-4547-8F86-3ECB0625C82A",
              "versionEndIncluding": "6.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:jasperreports_server_for_activematrix_bpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD91052-9CD6-46CC-A8C1-97B4C728E4FC",
              "versionEndIncluding": "6.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:jaspersoft_for_aws_with_multi-tenancy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDDCA701-8160-40CC-9BB9-A1325EB7ABD6",
              "versionEndIncluding": "6.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:jaspersoft_reporting_and_analytics_for_aws:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1C80725-2AEE-4A9D-A5E4-4747359AA7CE",
              "versionEndIncluding": "6.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:jaspersoft_studio_for_activematrix_bpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CB2E7DF-C120-47DF-B1A4-063E91824560",
              "versionEndIncluding": "6.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below)."
    },
    {
      "lang": "es",
      "value": "Los componentes de la biblioteca JasperReports contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Esta vulnerabilidad incluye la divulgaci\u00f3n, en teor\u00eda, de cualquier informaci\u00f3n accesible desde el sistema de archivos del host. Afecta a TIBCO JasperReports Library Community Edition (versiones 6.4.0 y anteriores), TIBCO JasperReports Library for ActiveMatrix BPM (versiones 6.2.0 y anteriores), TIBCO JasperReports Professional (versiones 6.2.1 y anteriores y la versi\u00f3n 6.3.0), TIBCO JasperReports Server (versiones 6.1.1 y anteriores, 6.2.0, 6.2.1 y 6.3.0), TIBCO JasperReports Server Community Edition (versiones 6.3.0 y anteriores), TIBCO JasperReports Server for ActiveMatrix BPM (versiones 6.2.0 y anteriores), TIBCO Jaspersoft for AWS with Multi-Tenancy (versiones 6.3.0 y anteriores), TIBCO Jaspersoft Reporting and Analytics for AWS (versiones 6.3.0 y anteriores) y TIBCO Jaspersoft Studio for ActiveMatrix BPM (versiones 6.2.0 y anteriores)."
    }
  ],
  "id": "CVE-2017-5529",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 1.4,
        "source": "security@tibco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-29T14:29:00.210",
  "references": [
    {
      "source": "security@tibco.com",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "security@tibco.com",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "security@tibco.com",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0"
    }
  ],
  "sourceIdentifier": "security@tibco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.