Security Advisory for TIBCO JasperReports Server

Products	Versions
TIBCO JasperReports Server	6.2.3 and below, 6.3.0, 6.3.1 and 6.3.2, 6.4, Community Edition Versions 6.4.0 and below
TIBCO JasperReports Library for ActiveMatrix BPM	6.4.1 and below
TIBCO Jaspersoft Studio	6.2.3 and below, 6.3.0, 6.3.1, and 6.3.2, 6.4.0

Description

TIBCO JasperReports persistent cross site scripting

Original release date: November 15, 2017

Last revised: --

Source: TIBCO Software Inc.

Description

The JasperReports components listed above contain a vulnerability which
may allow a subset of authorized users to perform persistent cross-site
scripting (XSS) attacks.

Impact

The impact of this vulnerability includes the possibility that a malicious
user can gain access to a more privileged account.

CVSS v3 Base Score: 5.4 (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N)

Environment

Systems Affected TIBCO JasperReports Server versions 6.2.3 and below TIBCO JasperReports Server versions 6.3.0, 6.3.1, and 6.3.2 TIBCO JasperReports Server version 6.4.0 TIBCO JasperReports Server Community Edition versions 6.4.0 and below TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.0 and below TIBCO JasperReports Library versions 6.2.3 and below TIBCO JasperReports Library versions 6,3.0, 6.3.1, and 6.3.2 TIBCO JasperReports Library versions 6.4.0, and 6.4.1 TIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.1 and below TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.0 and below TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.0 and below TIBCO Jaspersoft Studio versions 6.2.3 and below TIBCO Jaspersoft Studio versions 6.3.0, 6.3.1, and 6.3.2 TIBCO Jaspersoft Studio version 6.4.0 TIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.4.0 and below The following components are affected: * report renderer

Resolution

TIBCO has released updated versions of the affected components which address

these issues.

For each affected system, update to the corresponding software versions:

TIBCO JasperReports Server versions 6.2.X update to

version 6.2.4 or higher

TIBCO JasperReports Server versions 6.3.X update to

version 6.3.3 or higher

TIBCO JasperReports Server version 6.4.0 update to

version 6.4.2 or higher

TIBCO JasperReports Server Community Edition versions 6.4.0 and below

update to version 6.4.2 or higher

TIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.0 and below

update to version 6.4.2 or higher

TIBCO JasperReports Library versions 6.2.X update to version 6.2.4 or higher

TIBCO JasperReports Library versions 6.3.X update to version 6.3.3 or higher

TIBCO JasperReports Library versions 6.4.X update to version 6.4.2 or higher

TIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.X update to

version 6.4.2

TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.0 and below

update to version 6.4.2 or higher

TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.0 and below

update to version 6.4.2 or higher

TIBCO Jaspersoft Studio versions 6.2.X update to version 6.2.4

TIBCO Jaspersoft Studio versions 6.3.X update to version 6.3.3

TIBCO Jaspersoft Studio version 6.4.0 update to version 6.4.2

TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 update to version 6.4.2

Issue/Introduction

Security Advisory for TIBCO JasperReports Server

Additional Information

http://www.tibco.com/services/support/advisories
CVE: CVE-2017-5532

Welcome to "KB Articles"