PT-2017-16564 · Tibco · Tibco Jasperreports Server Community Edition+4
Published
2017-11-15
·
Updated
2019-10-03
·
CVE-2017-5533
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TIBCO JasperReports Server version 6.4.0
TIBCO JasperReports Server Community Edition version 6.4.0
TIBCO JasperReports Server for ActiveMatrix BPM version 6.4.0
TIBCO Jaspersoft for AWS with Multi-Tenancy version 6.4.0
TIBCO Jaspersoft Reporting and Analytics for AWS version 6.4.0
Description
A vulnerability in the server content cache of the affected software fails to prevent remote access to all the contents of the web application, including key configuration files.
Recommendations
For TIBCO JasperReports Server version 6.4.0, update to a version that contains a fix for this issue.
For TIBCO JasperReports Server Community Edition version 6.4.0, update to a version that contains a fix for this issue.
For TIBCO JasperReports Server for ActiveMatrix BPM version 6.4.0, update to a version that contains a fix for this issue.
For TIBCO Jaspersoft for AWS with Multi-Tenancy version 6.4.0, update to a version that contains a fix for this issue.
For TIBCO Jaspersoft Reporting and Analytics for AWS version 6.4.0, update to a version that contains a fix for this issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tibco Jasperreports Server
Tibco Jasperreports Server Community Edition
Tibco Jasperreports Server For Activematrix Bpm
Tibco Jaspersoft Reporting/Analytics For Aws
Tibco Jaspersoft For Aws With Multi-Tenancy