CVE-2017-5528, CVE-2017-5529 and CVE-2017-5532 JasperReports Server Vulnerability Issues

Document ID : KB000094522
Last Modified Date : 04/05/2018
I am aware of the following TIBCO security advisories:

1. CVE-2017-5528: TIBCO JasperReports Server cross-site vulnerabilities
2. CVE-2017-5529: TIBCO JasperReports Library Information Disclosure
3. CVE-2017-5532: TIBCO JasperReports persistent cross site scripting

I have installed CA Business Intelligence (CABI) JasperReports Server for Spectrum reporting. Is my CABI JasperReports Server affected?
Spectrum 10.2 onward with CABI JasperReports Server
These security vulnerabilities are addressed from CABI JasperReports Server 6.4.2 onward. If you are installing an older version of CABI JasperReports Server, you should upgrade to 6.4.2 to address these issues.

Integration of CABI JasperReports Server 6.4.2 with Spectrum is supported from Spectrum version 10.2.3 onward. However, for Spectrum 10.2.3 you need to apply PTF 10.02.03.PTF_10.2.316. Please refer to KB000092749.
Additional Information:
Please refer to the documentation below for how to upgrade.

Please contact CA Support to obtain patch PTF 10.02.03.PTF_10.2.316.