CVSS: 8.8EPSS: 1%CPEs: 27EXPL: 0CVE-2018-5429 – TIBCO JasperReports Library Code Sandboxing Problem
https://notcve.org/view.php?id=CVE-2018-5429
17 Apr 2018 — A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Stud... • https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429 •
CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 0CVE-2017-5532 – TIBCO JasperReports persistent cross site scripting
https://notcve.org/view.php?id=CVE-2017-5532
15 Nov 2017 — A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) a... • http://www.securityfocus.com/bid/101873 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2017-5529 – TIBCO JasperReports Library Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5529
29 Jun 2017 — JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO Jaspe... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •