PT-2017-16563 · Tibco · Tibco Jasperreports Server Community Edition

Published: 2017-11-15 · Updated: 2019-10-09 · CVE-2017-5532

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions
TIBCO JasperReports Server versions 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0
TIBCO JasperReports Server Community Edition versions 6.4.0 and below
TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.0 and below
TIBCO JasperReports Library versions 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1
TIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.1 and below
TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.0 and below
TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.0 and below
TIBCO Jaspersoft Studio versions 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0
TIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.4.0 and below

Description
A vulnerability in the report renderer component may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks.

Recommendations
For TIBCO JasperReports Server versions 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, update to a version above 6.4.0.
For TIBCO JasperReports Server Community Edition versions 6.4.0 and below, update to a version above 6.4.0.
For TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.0 and below, update to a version above 6.4.0.
For TIBCO JasperReports Library versions 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, update to a version above 6.4.1.
For TIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.1 and below, update to a version above 6.4.1.
For TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.0 and below, update to a version above 6.4.0.
For TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.0 and below, update to a version above 6.4.0.
For TIBCO Jaspersoft Studio versions 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, update to a version above 6.4.0.
For TIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.4.0 and below, update to a version above 6.4.0.

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2017-5532

Affected products

Tibco Jasperreports Library
Tibco Jasperreports Library For Activematrix Bpm
Tibco Jasperreports Server
Tibco Jasperreports Server Community Edition
Tibco Jasperreports Server For Activematrix Bpm
Tibco Jaspersoft Reporting/Analytics For Aws
Tibco Jaspersoft Studio
Jaspersoft Studio For Activematrix Bpm
Tibco Jaspersoft For Aws With Multi-Tenancy