CyberSec.Space Logo
Back to CVE Browser

CVE-2017-5533

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0720%
EPSS Percentile6.57th
PublishedNov 15, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0.

Affected Platforms (CPE)

πŸ“¦
Tibco

Jasperreports Server

= 6.4.0
πŸ“¦
Tibco

Jasperreports Server

= 6.4.0
πŸ“¦
Tibco

Jasperreports Server

= 6.4.0
πŸ“¦
Tibco

Jaspersoft

= 6.4.0
πŸ“¦
Tibco

Jaspersoft Reporting And Analytics

= 6.4.0

References & Advisories

πŸ”— http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
πŸ”— http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
πŸ”— http://www.securityfocus.com/bid/101878
πŸ”— http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017
πŸ”— https://www.oracle.com/security-alerts/cpuapr2020.html
πŸ”— https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
πŸ”— http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
πŸ”— http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Related Vulnerabilities

CVE-2018-1881510.0

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO Ja...

CVE-2020-94099.8

The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplac...

CVE-2021-354959.0

The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperRe...

CVE-2018-188088.8

The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition,...