TIBCO JasperReports Server Vulnerability

Document ID : KB000016496
Last Modified Date : 14/02/2018
Introduction:

Security vulnerabilities for JasperReports Server 6.2.1: CVE-2017-5529 and CVE-2017-5528.

Question:

Jaspersoft Server 6.2.1 is vulnerable to these two vulnerabilities, CVE-2017-5529 and CVE-2017-5528.

Based on the Jaspersoft security bulletins, both of these are resolved in Jaspersoft 6.2.3. 

https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0 

https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017 

Have these security vulnerabilities been addressed by the recent Jaspersoft 6.2.1 cumulative patch?

Answer:

All of the CSRF, XSS and XXE security fixes that Jaspersoft shipped in JSFT 6.2.3 (the release the advisories above cite as resolving CVE-2017-5528 and CVE-2017-5529) have been back-ported to JSFT 6.2.1 through JaaS Patch 6.2.1_5.2.1.4.

This patch is titled, JASPERSOFT SERVER CUMULATIVE PATCH 6.2.1_5.2.1.4 FOR CA PPM 14.3, 14.4,15.1,15.2 AND 15.3, and is available for download from support.ca.com.
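To confirm which branch a deployment is on before deciding whether the cumulative patch is needed, the server's own version can be read from the JasperReports Server REST endpoint GET /jasperserver/rest_v2/serverInfo, which returns JSON with a "version" field. The script below is an added example, not code from CA or TIBCO. It assumes (as this KB implies but does not state) that the back-ported cumulative patch leaves the reported version string at 6.2.1, so a 6.2.1 result can only be classified once the patch level is confirmed from the patch records; the sample JSON is constructed for the example.

```python
import json
import re
import base64
import urllib.request

# Constructed sample of the JSON that GET /jasperserver/rest_v2/serverInfo returns.
# Field names follow the 6.x REST API; the build value is made up for this example.
SAMPLE_SERVER_INFO = '{"version": "6.2.1", "edition": "PRO", "build": "20160315_1212"}'

# Release in which TIBCO resolved CVE-2017-5528 and CVE-2017-5529 (per the advisories above).
FIXED_VERSION = (6, 2, 3)
# Branch that receives the same fixes via JaaS Patch 6.2.1_5.2.1.4 instead of an upgrade.
PATCHED_BRANCH = (6, 2, 1)


def parse_version(s):
    """Turn '6.2.1' (or '6.2.1-something') into a comparable tuple of ints."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", s)
    if not m:
        raise ValueError("unrecognised version string: %r" % (s,))
    return tuple(int(x) for x in m.groups())


def assess(server_info_json, cumulative_patch_applied=None):
    """Classify a server against this KB's guidance.

    cumulative_patch_applied: True/False if you know from the patch records whether
    JaaS Patch 6.2.1_5.2.1.4 (or later) is installed, None if not known.  Assumption:
    the patch does not change the version string, so it cannot be detected from
    serverInfo alone.

    Returns one of:
      'fixed'          - 6.2.3 or later; fixes are in the product itself
      'patched'        - 6.2.1 with the cumulative patch confirmed applied
      'needs-patch'    - 6.2.1 with the cumulative patch confirmed absent
      'unknown'        - 6.2.1, patch level not yet confirmed
      'check-advisory' - a branch this KB does not cover; consult the TIBCO advisories
    """
    info = json.loads(server_info_json)
    v = parse_version(info["version"])
    if v >= FIXED_VERSION:
        return "fixed"
    if v == PATCHED_BRANCH:
        if cumulative_patch_applied is True:
            return "patched"
        if cumulative_patch_applied is False:
            return "needs-patch"
        return "unknown"
    return "check-advisory"


def fetch_server_info(base_url, username, password, timeout=10):
    """Fetch the raw serverInfo JSON from a live server (not used by the offline demo).

    base_url is the application root, e.g. https://reports.example.com/jasperserver
    (hypothetical host).  Basic auth is one of the methods the REST API accepts.
    """
    req = urllib.request.Request(base_url.rstrip("/") + "/rest_v2/serverInfo")
    token = base64.b64encode(("%s:%s" % (username, password)).encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/json")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    print("sample, patch level unknown  :", assess(SAMPLE_SERVER_INFO))
    print("sample, patch confirmed      :", assess(SAMPLE_SERVER_INFO, True))
    print("sample, patch confirmed absent:", assess(SAMPLE_SERVER_INFO, False))
```

Run it against a live server by calling fetch_server_info() with the real URL and a read-only account, then pass the result to assess() together with what the CA patch records say about 6.2.1_5.2.1.4; a 6.2.1 server reporting "unknown" is the case this KB addresses.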