VYPR
Vendor

Jaspersoft

Products
6
CVEs
6
Across products
7
Status
Private

Products

6

Recent CVEs

6
  • CVE-2026-6009HigMay 19, 2026
    risk 0.57cvss epss 0.00

    Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system

  • CVE-2024-3325HigJul 10, 2024
    risk 0.47cvss 7.2epss 0.01

    Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.

  • CVE-2017-14941MedOct 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data…

  • CVE-2023-37790MedNov 9, 2023
    risk 0.35cvss 5.4epss 0.01

    Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.

  • CVE-2025-10492Sep 16, 2025
    risk 0.00cvss epss 0.01

    A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library

  • CVE-2011-1911Sep 20, 2011
    risk 0.00cvss epss 0.01

    JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach.

VYPR — Vulnerability Intelligence