How severe is CVE-2017-5528?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2017-5528?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2017-5528 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below).

Related Vulnerabilities

CVE-2016-4315

MEDIUM

CVSS:5.7(Medium)

Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action ...

CWE-3522016

CVE-2017-14956

MEDIUM

CVSS:5.7(Medium)

AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local do...

CWE-3522017

CVE-2019-14680

MEDIUM

CVSS:5.7(Medium)

The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF.

CWE-3522019

CVE-2019-14683

MEDIUM

CVSS:5.7(Medium)

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.

CWE-3522019

CVE-2019-7730

MEDIUM

CVSS:5.7(Medium)

MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI.

CWE-3522019

CVE-2019-8902

MEDIUM

CVSS:5.7(Medium)

An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.

CWE-3522019