4 vulnerabilities by Jaspersoft
CVE-2026-6009 (GCVE-0-2026-6009)
Vulnerability from cvelistv5 – Published: 2026-05-19 17:23 – Updated: 2026-05-20 03:55
Title
Jaspersoft Library Deserialisation Vulnerability
Summary
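A Java deserialisation vulnerability in the Jaspersoft Reports Library can lead to Remote Code Execution (RCE) on the affected system. The CNA's CVSS 4.0 vector in the record below scores it 8.7 (HIGH): network attack vector, low attack complexity, low privileges required, no user interaction.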
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of untrusted data
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Jaspersoft | JasperReports Library Community Edition | Affected: 0 , ≤ 7.0.6 (Patch) | |
| Jaspersoft | Jaspersoft Studio Community Edition | Affected: 0 , ≤ 7.0.6 (Patch) | |
| Jaspersoft | JasperReports Server | Affected: 0 , ≤ 10.0.0 (Patch) | |
| Jaspersoft | JasperReports Library Professional | Affected: 0 , ≤ 10.0.0 (Patch) | |
| Jaspersoft | Jaspersoft Studio Professional | Affected: 0 , ≤ 10.0.0 (Patch) | |
| Jaspersoft | JasperReports IO Professional | Affected: 0 , ≤ 10.0.0 (Hotfix) | |
| Jaspersoft | JasperReports IO At-Scale | Affected: 0 , ≤ 10.0.0 (Hotfix) | |
| Jaspersoft | JasperReports Web Studio | Affected: 0 , ≤ 10.0.1 (Hotfix) | |
Date Public
2026-05-19 16:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T03:55:41.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JasperReports Library Community Edition",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Jaspersoft Studio Community Edition",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports Server",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "10.0.0",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports Library Professional",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "10.0.0",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Jaspersoft Studio Professional",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "10.0.0",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports IO Professional",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "10.0.0",
"status": "affected",
"version": "0",
"versionType": "Hotfix"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports IO At-Scale",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "10.0.0",
"status": "affected",
"version": "0",
"versionType": "Hotfix"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports Web Studio",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "10.0.1",
"status": "affected",
"version": "0",
"versionType": "Hotfix"
}
]
}
],
"datePublic": "2026-05-19T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eJava Deserialisation Vulnerability in Jaspersoft Reports Library leads to\u0026nbsp;\u003cspan\u003eRemote Code Execution (RCE), potentially allowing code execution on the affected system\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to\u00a0Remote Code Execution (RCE), potentially allowing code execution on the affected system"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of untrusted data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T17:23:40.646Z",
"orgId": "db6d2600-d19b-4111-a010-f3c4ed70cd50",
"shortName": "Jaspersoft"
},
"references": [
{
"url": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-may-19-2026-jaspersoft-library-cve-2026-6009-r11/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Jaspersoft Library Deserialisation Vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "db6d2600-d19b-4111-a010-f3c4ed70cd50",
"assignerShortName": "Jaspersoft",
"cveId": "CVE-2026-6009",
"datePublished": "2026-05-19T17:23:40.646Z",
"dateReserved": "2026-04-09T14:16:26.621Z",
"dateUpdated": "2026-05-20T03:55:41.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10492 (GCVE-0-2025-10492)
Vulnerability from cvelistv5 – Published: 2025-09-16 16:41 – Updated: 2026-02-10 18:12
Title
Jaspersoft Library Deserialisation Vulnerability
Summary
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Jaspersoft | JasperReports Library Community Edition | Affected: 0 , ≤ 7.0.3 (maven) | |
| Jaspersoft | Jaspersoft Studio Community Edition | Affected: 0 , ≤ 7.0.3 (Patch) | |
| Jaspersoft | JasperReports Server | Affected: 0 , ≤ 9.0.0 (Patch) | |
| Jaspersoft | JasperReports Library Professional | Affected: 0 , ≤ 9.0.2 (Patch) | |
| Jaspersoft | Jaspersoft Studio Professional | Affected: 0 , ≤ 9.0.2 (Patch) | |
| Jaspersoft | JasperReports IO Professional | Affected: 0 , ≤ 4.0.0 (Patch) | |
| Jaspersoft | JasperReports IO At-Scale | Affected: 0 , ≤ 4.0.0 (Patch) | |
| Jaspersoft | JasperReports Web Studio | Affected: 0 , ≤ 3.0.1 (Patch) | |
Date Public
2025-09-16 16:25
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T17:29:30.897271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T16:15:24.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-02-10T18:12:20.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://community.jaspersoft.com/forums/topic/69926-cve-2025-10492-%E2%80%93-no-fix-available-after-jasperreports-upgrade-community-edition"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "net/sf/jasperreports/jasperreports/",
"product": "JasperReports Library Community Edition",
"repo": "https://github.com/Jaspersoft/jasperreports",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Jaspersoft Studio Community Edition",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports Server",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "9.0.0",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports Library Professional",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "9.0.2",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Jaspersoft Studio Professional",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "9.0.2",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports IO Professional",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "4.0.0",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports IO At-Scale",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "4.0.0",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports Web Studio",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "3.0.1",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
}
],
"datePublic": "2025-09-16T16:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T04:49:45.696Z",
"orgId": "db6d2600-d19b-4111-a010-f3c4ed70cd50",
"shortName": "Jaspersoft"
},
"references": [
{
"url": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Jaspersoft Library Deserialisation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "db6d2600-d19b-4111-a010-f3c4ed70cd50",
"assignerShortName": "Jaspersoft",
"cveId": "CVE-2025-10492",
"datePublished": "2025-09-16T16:41:44.931Z",
"dateReserved": "2025-09-15T16:26:21.449Z",
"dateUpdated": "2026-02-10T18:12:20.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3325 (GCVE-0-2024-3325)
Vulnerability from cvelistv5 – Published: 2024-07-10 17:02 – Updated: 2024-08-01 20:05
Title
JasperReports Server Driver upload vulnerability
Summary
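Vulnerability in Jaspersoft JasperReport Servers. This issue affects JasperReport Servers: from 8.0.4 through 9.0.0. The description does not name the weakness; the record's title calls it a driver upload vulnerability and its CWE entry is CWE-269 (Improper Privilege Management).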
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Jaspersoft | JasperReport Servers | Affected: 8.0.4 , ≤ 9.0.0 (Patch) | |
| tibco | jasperreports_server | Affected: 8.0.4 , ≤ 9.0.0 (custom) `cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:*:*:*` | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jasperreports_server",
"vendor": "tibco",
"versions": [
{
"lessThanOrEqual": "9.0.0",
"status": "affected",
"version": "8.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T19:38:52.601530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T17:45:36.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-july-9-2024-jasperreports-server-cve-2024-3325-r4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JasperReport Servers",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "9.0.0",
"status": "affected",
"version": "8.0.4",
"versionType": "Patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability in Jaspersoft JasperReport Servers.\u003cp\u003eThis issue affects JasperReport Servers: from 8.0.4 through 9.0.0.\u003c/p\u003e"
}
],
"value": "Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T17:02:14.138Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-july-9-2024-jasperreports-server-cve-2024-3325-r4/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "JasperReports Server Driver upload vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2024-3325",
"datePublished": "2024-07-10T17:02:14.138Z",
"dateReserved": "2024-04-04T17:01:26.198Z",
"dateUpdated": "2024-08-01T20:05:08.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14941 (GCVE-0-2017-14941)
Vulnerability from cvelistv5 – Published: 2017-10-01 03:00 – Updated: 2024-08-05 19:42
Summary
Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/binary1985/VulnerabilityDisclo… | x_refsource_MISC |
Date Public
2017-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-01T02:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941",
"refsource": "MISC",
"url": "https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14941",
"datePublished": "2017-10-01T03:00:00.000Z",
"dateReserved": "2017-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:42:22.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}