Sameer Mandaokar Posted June 3, 2020

Hi All,

We're using the standalone jasperreports library v6.8.1 (community edition) in embedded mode with our product. As per the published CVE-2020-9410, it seems all jasperreports versions 7.1.1 and below are vulnerable to this security issue. Can you please confirm whether this is applicable to jasperreports library 6.8.1 when used inside an application which doesn't use Jasper's HTML component to render the report output? If yes, then which version of the jasperreports library will fix this issue, and what is the release date for it? Will there be any patch for existing versions like v6.8.1?

Thanks,
Sameer Mandaokar
nicksgg Posted June 17, 2020

Can anybody confirm? The OWASP dependency scan detected high severity but low confidence level. Currently, in the Maven repository, the highest level is 6.12.2. No release note information indicates it is fixing the CVE issue.
nicksgg Posted June 17, 2020

Any information on this?
okui Posted June 17, 2020

https://github.com/TIBCOSoftware/jasperreports/issues/132#issuecomment-633465921

> The vulnerability was about the FusionCharts component of JasperReports Library Professional, which does not exist in JasperReports Library Community Edition.
Solution: djohnson53 Posted June 17, 2020

Please refer to these resources. As TIBCO employees, we are not at liberty to discuss these CVEs outside of these resources:

Security Advisories
TIBCO distributes information about security vulnerabilities and remediation in its products through security advisories.

Public Security Notices
TIBCO's response to general publicly announced security issues can be found on our Public Notices page.