CVE-2017-5528 Information
Feb 14, 2021
cve
Description
Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below).
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.8
Base Severity
HIGH