Vulnerability Description
A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Jasperreports Server | 6.4.0 |
| Tibco | Jaspersoft | 6.4.0 |
| Tibco | Jaspersoft Reporting And Analytics | 6.4.0 |
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/101878Third Party AdvisoryVDB Entry
- http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-novemberIssue TrackingVendor Advisory
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/101878Third Party AdvisoryVDB Entry
- http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-novemberIssue TrackingVendor Advisory
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
FAQ
What is CVE-2017-5533?
CVE-2017-5533 is a vulnerability with a CVSS score of 9.3 (CRITICAL). A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with ...
How severe is CVE-2017-5533?
CVE-2017-5533 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-5533?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Jasperreports Server, Tibco Jaspersoft, Tibco Jaspersoft Reporting And Analytics.