← Back

CVE-2017-5532

nvd nist
Published: Nov 15, 2017Modified: May 13, 2026

JSON object

Loading...
5.4
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below.

Affected (22)

Tibco
5 products
Jasperreports Server
Jasperreports Library
Jaspersoft
Jaspersoft Reporting And Analytics
Jaspersoft Studio
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Tibco
Jasperreports Server
Up to 6.2.3
Jasperreports Server
Version 6.3.0
Jasperreports Server
Version 6.3.1
Jasperreports Server
Version 6.3.2
Jasperreports Server
Version 6.4.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Jasperreports Server
Up to 6.4.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Jasperreports Server
Up to 6.4.0
Configuration D
6 vulnerable
Vulnerable SoftwareAffected Versions
Tibco
Jasperreports Library
Up to 6.2.3
Jasperreports Library
Version 6.3.0
Jasperreports Library
Version 6.3.1
Jasperreports Library
Version 6.3.2
Jasperreports Library
Version 6.4.0
Jasperreports Library
Version 6.4.1
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Jasperreports Library
Up to 6.4.1
Configuration F
1 vulnerable
Vulnerable SoftwareAffected Versions
Jaspersoft
Up to 6.4.0
Configuration G
1 vulnerable
Vulnerable SoftwareAffected Versions
Jaspersoft Reporting And Analytics
Up to 6.4.0
Configuration H
5 vulnerable
Vulnerable SoftwareAffected Versions
Tibco
Jaspersoft Studio
Up to 6.2.3
Jaspersoft Studio
Version 6.3.0
Jaspersoft Studio
Version 6.3.1
Jaspersoft Studio
Version 6.3.2
Jaspersoft Studio
Version 6.4.0
Configuration I
1 vulnerable
Vulnerable SoftwareAffected Versions
Jaspersoft Studio
Up to 6.4.0

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: security@tibco.com
Issue TrackingThird Party AdvisoryVDB Entry
Source: security@tibco.com
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory

Timeline

No history available yet.