The following components are affected:
The JasperReports Library components listed above contain an information disclosure vulnerability.
This vulnerability includes the theoretical disclosure of any accessible information from the host file system.
CVSS v3 Base Score: 4.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N)
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions.
For TIBCO JasperReports Library Community Edition, upgrade to:
For TIBCO JasperReports Library for ActiveMatrix BPM, upgrade to:
For TIBCO JasperReports Professional:
For TIBCO JasperReports Server, upgrade:
For TIBCO JasperReports Server Community Edition, upgrade:
For TIBCO JasperReports Server for ActiveMatrix BPM, upgrade:
For TIBCO Jaspersoft for AWS with Multi-Tenancy, upgrade:
For TIBCO Jaspersoft Reporting and Analytics for AWS, upgrade:
For TIBCO Jaspersoft Studio for ActiveMatrix BPM, upgrade: