CVE-2017-5529
TIBCO JasperReports Library Information Disclosure
JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below).
CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:C/UI:R
Affected products
TIBCO Software Inc. · TIBCO JasperReports Library Community Edition
TIBCO Software Inc. · TIBCO JasperReports Library for ActiveMatrix BPM
TIBCO Software Inc. · TIBCO JasperReports Professional
TIBCO Software Inc. · TIBCO JasperReports Server
TIBCO Software Inc. · TIBCO JasperReports Server Community Edition
TIBCO Software Inc. · TIBCO JasperReports Server for ActiveMatrix BPM
TIBCO Software Inc. · TIBCO Jaspersoft for AWS with Multi-Tenancy
TIBCO Software Inc. · TIBCO Jaspersoft Reporting and Analytics for AWS
TIBCO Software Inc. · TIBCO Jaspersoft Studio for ActiveMatrix BPM
References
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html