XSS in Tibco Jasperreports_library
CVE-2017-5532
A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for Act…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.007 (48.0th percentile)
CVSS v3 metric
CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N.
Affected products
- Tibco Jasperreports_library — versions 6.3.0, 6.3.1, 6.3.2
- Tibco Jasperreports_server — versions 6.3.0, 6.3.1, 6.3.2
- Tibco Jaspersoft
- Tibco Jaspersoft_reporting_and_analytics
- Tibco Jaspersoft_studio — versions 6.3.0, 6.3.1, 6.3.2
- Tibco Software Inc. Jasperreports Library — versions 6.4.0, 6.3.2, 6.3.0
- Tibco Software Inc. Jasperreports Library For Activematrix Bpm — versions 6.4.1 and below
- Tibco Software Inc. Jasperreports Server — versions 6.4.0, 6.3.2, 6.3.0
- Tibco Software Inc. Jasperreports Server Community Edition — versions 6.4.0 and below
- Tibco Software Inc. Jasperreports Server For Activematrix Bpm — versions 6.4.0 and below
Weakness classification (CWE)
References
- security@tibco.com (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
- security@tibco.com (VDB Entry, Third Party Advisory, vdb-entry, Issue Tracking, x_refsource_BID)
Frequently asked questions
- What is CVE-2017-5532?
  CVE-2017-5532 is a medium-severity vulnerability in Tibco Jasperreports_library, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2017-11-15.
- How severe is CVE-2017-5532?
  Medium severity. CVSS v3 base score is 5.4 out of 10.