CVE-2017-5529: JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any access...

Description

JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below).

Metrics

EPSS Probability

1.33%

67.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Tibco	Jasperreports Library Community Edition	<= 6.4.0
Tibco	Jasperreports Library For Activematrix Bpm	<= 6.2.0
Tibco	Jasperreports Professional	<= 6.2.1
Tibco	Jasperreports Professional	6.3.0
Tibco	Jasperreports Server	<= 6.1.1
Tibco	Jasperreports Server	6.2.0
Tibco	Jasperreports Server	6.2.1
Tibco	Jasperreports Server	6.3.0
Tibco	Jasperreports Server Community Edition	<= 6.3.0
Tibco	Jasperreports Server For Activematrix Bpm	<= 6.2.0
Tibco	Jaspersoft For Aws With Multi-Tenancy	<= 6.3.0
Tibco	Jaspersoft Reporting And Analytics For Aws	<= 6.3.0
Tibco	Jaspersoft Studio For Activematrix Bpm	<= 6.2.0

References

Timeline

Published: Jun 29, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-5529?

JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below).

How severe is CVE-2017-5529?

Severity scoring for CVE-2017-5529 is pending analysis. The EPSS model estimates a 1.33% probability of exploitation in the next 30 days.

How do I fix CVE-2017-5529?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.