CVE-2017-14941

Impact:
Moderate
Public Date:
2017-09-30
CWE:
CWE-312
Bugzilla:
1510332: CVE-2017-14941 jasperreports: Cleartext storage of passwords

The MITRE CVE dictionary describes this issue as:

Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector.

Find out more about CVE-2017-14941 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat Product Security is not aware of any supported product that ships the affected component.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 6.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact None
Availability Impact None

Affected Packages State

Platform Package State
RHEV Manager 3 jasperreports-server-pro Will not fix

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.