Security vulnerabilities for JasperReports Server 6.2.1
CVE-2017-5529 and CVE-2017-5528.
Jaspersoft Server 6.2.1 is affected by two vulnerabilities, CVE-2017-5529 and CVE-2017-5528.
Based on the Jaspersoft security bulletins, both of these are resolved in Jaspersoft 6.2.3.
Have these security vulnerabilities been addressed by the recent Jaspersoft 6.2.1 cumulative patch?
Release: 451-101-15.3-Clarity-Creator User License
All the security vulnerabilities related to CSRF, XSS and XXE that Jaspersoft fixed in JSFT 6.2.3 have been back-ported to JSFT 6.2.1 through JaaS Patch 6.2.1_18.104.22.168.
This patch is titled JASPERSOFT SERVER CUMULATIVE PATCH 6.2.1_22.214.171.124 FOR CA PPM 14.3, 14.4, 15.1, 15.2 AND 15.3, and is available for download from support.ca.com.