CVE-2017-5528

Name of the Vulnerable Software and Affected Versions TIBCO JasperReports Server versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0 TIBCO JasperReports Server Community Edition versions 6.3.0 and below TIBCO JasperReports Server for ActiveMatrix BPM versions 6.2.0 and below TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.2.0 and below TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.2.0 and below

Description The issue allows authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks, which may lead to the disclosure of sensitive information.

Recommendations For TIBCO JasperReports Server versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0, update to a version above 6.3.0 to resolve the issue. For TIBCO JasperReports Server Community Edition versions 6.3.0 and below, update to a version above 6.3.0 to resolve the issue. For TIBCO JasperReports Server for ActiveMatrix BPM versions 6.2.0 and below, update to a version above 6.2.0 to resolve the issue. For TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.2.0 and below, update to a version above 6.2.0 to resolve the issue. For TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.2.0 and below, update to a version above 6.2.0 to resolve the issue.