CVE-2022-41563: TIBCO JasperReports Server Stored XSS Vulnerability
First published: Tue Dec 13 2022(Updated: )
The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0.
Credit: security@tibco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tibco Jasperreports Server | <=8.0.2 | |
| Tibco Jasperreports Server | <=8.0.2 | |
| TIBCO JasperReports Server - | <=8.0.2 | |
| Tibco Jasperreports Server | <=8.1.0 | |
| Tibco Jasperreports Server | =8.1.0 | |
| Tibco Jasperreports Server | =8.1.0 | |
| TIBCO JasperReports Server - | =8.1.0 |
Remedy
TIBCO has released updated versions of the affected components which address these issues. TIBCO JasperReports Server versions 8.0.2 and below: update to version 8.0.3 or later TIBCO JasperReports Server version 8.1.0: update to version 8.1.1 or later TIBCO JasperReports Server - Developer Edition versions 8.1.0 and below: update to version 8.1.1 or later TIBCO JasperReports Server for AWS Marketplace versions 8.0.2 and below: update to version 8.0.3 or later TIBCO JasperReports Server for AWS Marketplace version 8.1.0: update to version 8.1.1 or later TIBCO JasperReports Server for Microsoft Azure versions 8.0.2 and below: update to version 8.0.3 or later TIBCO JasperReports Server for Microsoft Azure version 8.1.0: update to version 8.1.1 or later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-41563?
CVE-2022-41563 is a vulnerability in the Dashboard component of TIBCO JasperReports Server, which could allow an attacker to execute arbitrary code or cause a denial of service.
How severe is CVE-2022-41563?
CVE-2022-41563 is classified as a critical vulnerability with a severity score of 5.4.
Which software is affected by CVE-2022-41563?
CVE-2022-41563 affects TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for Microsoft Azure versions up to 8.0.2.
How can this vulnerability be exploited?
CVE-2022-41563 can be exploited by an attacker to execute arbitrary code or cause a denial of service through the Dashboard component of TIBCO JasperReports Server.
What can I do to mitigate CVE-2022-41563?
To mitigate CVE-2022-41563, it is recommended to upgrade to a patched version of TIBCO JasperReports Server.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/remedy
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/tibco
- canonical/tibco jasperreports server
- version/tibco jasperreports server/8.0.2
- canonical/tibco jasperreports server -
- version/tibco jasperreports server -/8.0.2
- version/tibco jasperreports server/8.1.0
- version/tibco jasperreports server -/8.1.0