CVE-2017-14941 — MEDIUM (6.5)

Vulnerability Description

Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Jaspersoft	Jasperreports	4.7.0

Related Weaknesses (CWE)

CWE-200

References

https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JIssue TrackingThird Party Advisory
https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JIssue TrackingThird Party Advisory

FAQ

What is CVE-2017-14941?

CVE-2017-14941 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and read...

How severe is CVE-2017-14941?

CVE-2017-14941 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-14941?

Check the references section above for vendor advisories and patch information. Affected products include: Jaspersoft Jasperreports.