Security Advisory for TIBCO JasperReports Library

Article ID: KB0108120

Products Versions
TIBCO JasperReports Server 6.1.1 and below, 6.2.0, 6.2.1, 6.3, 6.3.0

Description

  The JasperReports Library components listed above contain an information
  disclosure vulnerability.


Impact

  The impact of this vulnerability includes the theoretical disclosure of
  any accessible information from the host file system.

  CVSS v3 Base Score: 4.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N)

Environment

Systems Affected

  TIBCO JasperReports Library Community Edition versions 6.4.0 and below
  TIBCO JasperReports Library for ActiveMatrix BPM versions 6.2.0 and below
  TIBCO JasperReports Professional version 6.2.1 and below
  TIBCO JasperReports Professional version 6.3.0
  TIBCO JasperReports Server version 6.1.1 and below
  TIBCO JasperReports Server version 6.2.0, and 6.2.1
  TIBCO JasperReports Server version 6.3.0
  TIBCO JasperReports Server Community Edition version 6.3.0 and below
  TIBCO JasperReports Server for ActiveMatrix BPM versions 6.2.0 and below
  TIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.3.0 and below
  TIBCO Jaspersoft Reporting and Analytics for AWS versions 6.3.0 and below
  TIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.2.0 and below

  The following components are affected:

  * jasperreports-{version} JAR files

Resolution


  For TIBCO JasperReports Library Community Edition, upgrade to
    version 6.4.1 or higher.

  For TIBCO JasperReports Library for ActiveMatrix BPM, upgrade to
    version 6.4.1 or higher.

  For TIBCO JasperReports Professional, upgrade
    versions 6.2.X and below to version 6.2.3 or higher,
    versions 6.3.X to version 6.3.2 or higher.
  
  For TIBCO JasperReports Server, upgrade
    versions 6.1.1 and below to version 6.1.2 or higher,
    versions 6.2.X to version 6.2.3 or higher,
    versions 6.3.X to version 6.3.2 or higher.

  For TIBCO JasperReports Server Community Edition, upgrade
    to version 6.4.0 or higher.

  For TIBCO JasperReports Server for ActiveMatrix BPM, upgrade
    to version 6.4.0 or higher.

  For TIBCO Jaspersoft for AWS with Multi-Tenancy, upgrade
    to version 6.4.0 or higher.

  For TIBCO Jaspersoft Reporting and Analytics for AWS, upgrade
    to version 6.4.0 or higher.

  For TIBCO Jaspersoft Studio for ActiveMatrix BPM, upgrade
    to version 6.4.0 or higher.
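
  To locate the affected component on a host, the following added example (not TIBCO's code) inventories jasperreports-{version} JAR files on disk and inside WAR/EAR/ZIP archives, and flags any whose version is below the fixed library release 6.4.1. It assumes the JAR file name carries the library version, as in the component pattern above; a flagged JAR bundled with a Professional or Server installation should then be checked against that product's fixed version in the list above.

```python
import os
import re
import sys
import zipfile

# Fixed JasperReports Library release, taken from the Resolution list above.
LIBRARY_FIXED = (6, 4, 1)
# Matches jasperreports-{version}.jar but not add-ons like jasperreports-fonts-*.jar.
JAR_RE = re.compile(r"^jasperreports-(\d+(?:\.\d+)*)\.jar$", re.IGNORECASE)
ARCHIVES = (".war", ".ear", ".zip")


def library_version(path):
    """Return the version tuple encoded in a jasperreports JAR name, or None."""
    m = JAR_RE.match(path.replace("\\", "/").rsplit("/", 1)[-1])
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def needs_review(version):
    """True when the JAR version is below the fixed library release."""
    return version + (0,) * (3 - len(version)) < LIBRARY_FIXED


def scan(root):
    """Walk root and return sorted (location, version, needs_review) tuples."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            candidates = [full]
            if name.lower().endswith(ARCHIVES):
                # Bundled copies sit inside web archives, e.g. WEB-INF/lib.
                try:
                    with zipfile.ZipFile(full) as zf:
                        candidates = [full + "!/" + n for n in zf.namelist()]
                except (zipfile.BadZipFile, OSError):
                    continue
            for loc in candidates:
                version = library_version(loc)
                if version is not None:
                    found.append((loc, version, needs_review(version)))
    return sorted(found)


if __name__ == "__main__":
    for loc, version, flag in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("REVIEW" if flag else "ok    ", ".".join(map(str, version)), loc)
```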
 

Issue/Introduction

TIBCO JasperReports Library Information Disclosure

Additional Information

References

  http://www.tibco.com/services/support/advisories
  http://docs.tibco.com/products/tibco-jasperreports-server
  http://github.com/Jaspersoft/jasperreports
  CVE: CVE-2017-5529