CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-14941

Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.0%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941
https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941

Products affected by CVE-2017-14941

Jaspersoft » Jasperreports » Version: 4.7.0

cpe:2.3:a:jaspersoft:jasperreports:4.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-14941

Products

Pricing

Contact Us