TIBCO JasperReports Server Vulnerability

Article ID: 16496

Products

CLARITY PPM FOR ITG, CLARITY PPM FEDERAL, Clarity PPM SaaS - Application, Clarity PPM On Premise

Issue/Introduction

Security vulnerabilities in JasperReports Server 6.2.1: CVE-2017-5529 and CVE-2017-5528.

Jaspersoft Server 6.2.1 is affected by two vulnerabilities, CVE-2017-5529 and CVE-2017-5528.

Based on the Jaspersoft security bulletins, both of these are resolved in Jaspersoft 6.2.3. 

https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0 

https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017 

Have these security vulnerabilities been addressed by the recent Jaspersoft 6.2.1 cumulative patch?

Environment

Release: 451-101-15.3-Clarity-Creator User License

Resolution

All the security vulnerabilities related to CSRF, XSS and XXE that Jaspersoft fixed in JSFT 6.2.3 have been back-ported to JSFT 6.2.1 through JaaS Patch 6.2.1_5.2.1.4.

This patch is titled "JASPERSOFT SERVER CUMULATIVE PATCH 6.2.1_5.2.1.4 FOR CA PPM 14.3, 14.4,15.1,15.2 AND 15.3" and is available for download from support.ca.com.