
CVE-2017-14941

Published: 02/10/2017 Updated: 06/10/2017
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector.

Vulnerable Product

jaspersoft jasperreports 4.7.0

Vendor Advisories

Debian Bug report logs - #884131 jasperreports: CVE-2017-14941, CVE-2017-5533, CVE-2017-5532 Package: libjasperreports-java; Maintainer for libjasperreports-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for libjasperreports-java is src:jasperreports Reported by: ...
Debian Bug report logs - #880467 jasperreports: CVE-2017-14941, CVE-2017-5528, CVE-2017-5529 Package: jasperreports; Maintainer for jasperreports is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Markus Koschany <apo@debian.org> Date: Tue, 31 Oct 2017 21:48:02 UTC Severity: impor ...

Exploits

JasperSoft JasperReports version 4.7 stores passwords unencrypted and leaves them in cleartext in html ...