First published: Tue Oct 12 2021
The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component.

Affected releases are TIBCO Software Inc.'s:

- TIBCO JasperReports Server: versions 7.2.1 and below
- TIBCO JasperReports Server: versions 7.5.0 and 7.5.1
- TIBCO JasperReports Server: version 7.8.0
- TIBCO JasperReports Server: version 7.9.0
- TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below
- TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below
- TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below
- TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below
- TIBCO JasperReports Server for Microsoft Azure: version 7.8.0

Credit: security@tibco.com
Affected Software | Affected Version | How to fix |
---|---|---|
TIBCO JasperReports Server - | <=7.2.1 | |
TIBCO JasperReports Server | <=7.8.0 | |
TIBCO JasperReports Server | <=7.8.0 | |
TIBCO JasperReports Server | <=7.9.0 | |
TIBCO JasperReports Server | <=7.9.0 | |
TIBCO JasperReports Server | <=7.9.0 | |
TIBCO JasperReports Server - | =7.5.0 | |
TIBCO JasperReports Server - | =7.5.1 | |
TIBCO JasperReports Server - | =7.8.0 | |
TIBCO JasperReports Server - | =7.9.0 | |
CVE-2021-35496 is the vulnerability identified in the XMLA Connections component of TIBCO JasperReports Server.
The severity of CVE-2021-35496 is high with a CVSS score of 7.5.
Versions 7.2.1 and below, 7.5.0, 7.5.1, 7.8.0, and 7.9.0 of TIBCO JasperReports Server are affected by CVE-2021-35496.
To fix CVE-2021-35496, it is recommended to upgrade TIBCO JasperReports Server to a version that is not affected by the vulnerability.
You can find more information about CVE-2021-35496 in the advisory provided by TIBCO at https://www.tibco.com/services/support/advisories.