TIBCO JasperReports Server credentials disclosure
CVE-2017-5533

9.3CRITICAL

Key Information:

Vendor: Tibco
Status: Tibco Jasperreports Server; Tibco Jasperreports Server Community Edition; Tibco Jasperreports Server For Activematrix Bpm; Tibco Jaspersoft For Aws With Multi-tenancy
Vendor: CVE Published:; 15 November 2017

What is CVE-2017-5533?

A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0.

Affected Version(s)

TIBCO JasperReports Server 6.4.0

TIBCO JasperReports Server Community Edition 6.4.0

TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

http://www.tibco.com/support/advisories/2017/11/tibco-sec...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101878

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2017
Vulnerability Reserved
Jan 19, 2017

Tibco

What is CVE-2017-5533?

Affected Version(s)

References

CVSS V3.1

Timeline