CVE-2017-5529

Name of the Vulnerable Software and Affected Versions TIBCO JasperReports Library Community Edition versions 6.4.0 and below TIBCO JasperReports Library for ActiveMatrix BPM versions 6.2.0 and below TIBCO JasperReports Professional versions 6.2.1 and below, 6.3.0 TIBCO JasperReports Server versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0 TIBCO JasperReports Server Community Edition versions 6.3.0 and below TIBCO JasperReports Server for ActiveMatrix BPM versions 6.2.0 and below TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.3.0 and below TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.3.0 and below TIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.2.0 and below

Description The JasperReports library components contain an information disclosure issue, which could theoretically lead to the disclosure of any accessible information from the host file system.

Recommendations For TIBCO JasperReports Library Community Edition versions 6.4.0 and below, update to a version above 6.4.0. For TIBCO JasperReports Library for ActiveMatrix BPM versions 6.2.0 and below, update to a version above 6.2.0. For TIBCO JasperReports Professional versions 6.2.1 and below, 6.3.0, update to a version above 6.3.0. For TIBCO JasperReports Server versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0, update to a version above 6.3.0. For TIBCO JasperReports Server Community Edition versions 6.3.0 and below, update to a version above 6.3.0. For TIBCO JasperReports Server for ActiveMatrix BPM versions 6.2.0 and below, update to a version above 6.2.0. For TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.3.0 and below, update to a version above 6.3.0. For TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.3.0 and below, update to a version above 6.3.0. For TIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.2.0 and below, update to a version above 6.2.0.