
TIBCO JasperReports Server Vulnerability


Article ID: 16496




Clarity PPM SaaS, Clarity PPM On Premise


Security vulnerabilities for JasperReports Server 6.2.1


CVE-2017-5529 and CVE-2017-5528.

Jaspersoft Server 6.2.1 is affected by two vulnerabilities, CVE-2017-5529 and CVE-2017-5528.

Based on the Jaspersoft security bulletins, both of these are resolved in Jaspersoft 6.2.3. 

Have these security vulnerabilities been addressed by the recent Jaspersoft 6.2.1 cumulative patch?




Release: 451-101-15.3-Clarity-Creator User License


All the security vulnerabilities related to CSRF, XSS and XXE that Jaspersoft fixed in JSFT 6.2.3 have been back-ported to JSFT 6.2.1 through JaaS Patch 6.2.1_5.2.1.4.

This patch is titled JASPERSOFT SERVER CUMULATIVE PATCH 6.2.1_5.2.1.4 FOR CA PPM 14.3, 14.4,15.1,15.2 AND 15.3 and is available for download from