High severity8.8NVD Advisory· Published Jun 29, 2017· Updated May 13, 2026

CVE-2017-5528

Description

Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below).

Affected products

TIBCO Software Inc./TIBCO JasperReports Serverv5
Range: unspecified
TIBCO Software Inc./TIBCO JasperReports Server Community Editionv5
Range: unspecified
TIBCO Software Inc./TIBCO JasperReports Server for ActiveMatrix BPMv5
Range: unspecified
TIBCO Software Inc./TIBCO Jaspersoft for AWS with Multi-Tenancyv5
Range: unspecified
TIBCO Software Inc./TIBCO Jaspersoft Reporting and Analytics for AWSv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000