Vulnerability Details : CVE-2017-5533
The server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0.
Products affected by CVE-2017-5533
- cpe:2.3:a:tibco:jasperreports_server:6.4.0:*:*:*:community:*:*:*
- cpe:2.3:a:tibco:jasperreports_server:6.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:jasperreports_server:6.4.0:*:*:*:*:activematrix_bpm:*:*
- cpe:2.3:a:tibco:jaspersoft:6.4.0:*:*:*:*:aws_with_multi-tenancy:*:*
- cpe:2.3:a:tibco:jaspersoft_reporting_and_analytics:6.4.0:*:*:*:*:aws:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-5533
- 0.43%: Probability of exploitation activity in the next 30 days
- ~ 75%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-5533
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
9.3 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N | 3.9 | 4.7 | TIBCO Software Inc. | |
References for CVE-2017-5533
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
  CPU Oct 2018
- https://www.oracle.com/security-alerts/cpuapr2020.html
  Oracle Critical Patch Update Advisory - April 2020
- http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017
  TIBCO Security Advisory: November 15, 2017 - TIBCO JasperReports Server - 2017-5533 | TIBCO Software (Issue Tracking; Vendor Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  Oracle Critical Patch Update - April 2019
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
  CPU July 2018
- http://www.securityfocus.com/bid/101878
  Multiple TIBCO Products CVE-2017-5533 Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)