Security vulnerabilities for JasperReports Server 6.2.1
CVE-2017-5529 and CVE-2017-5528.
Jaspersoft Server 6.2.1 is affected by two vulnerabilities, CVE-2017-5529 and CVE-2017-5528.
Based on the Jaspersoft security bulletins, both of these are resolved in Jaspersoft 6.2.3.
https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0
https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017
Have these security vulnerabilities been addressed by the recent Jaspersoft 6.2.1 cumulative patch?
All the security vulnerabilities related to CSRF, XSS and XXE that Jaspersoft fixed in JSFT 6.2.3 have been back-ported to JSFT 6.2.1 through JaaS Patch 6.2.1_5.2.1.4.
This patch is titled "JASPERSOFT SERVER CUMULATIVE PATCH 6.2.1_5.2.1.4 FOR CA PPM 14.3, 14.4, 15.1, 15.2 AND 15.3" and is available for download from support.ca.com.