Security Advisory Regarding TIBCO JasperReports
Article ID: KB0108006
Updated On:
| Products | Versions |
|---|---|
| TIBCO JasperReports Server | 7.2.1 and below, 7.5.0 and 7.5.1, 7.8.0, 7.9.0 |
Description
TIBCO JasperReports FTP Password exposed
Original release date: October 12, 2021
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed above contains an easily exploitable vulnerability that
allows an authenticated attacker with network access to obtain FTP server
passwords for other users of the affected system.
Impact
Successful execution of this vulnerability can result in an attacker gaining
access to the victim’s FTP server at the privilege level of the victim.
CVSS v3 Base Score: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Environment
Products Affected
TIBCO JasperReports Server versions 7.2.1 and below
TIBCO JasperReports Server versions 7.5.0 and 7.5.1
TIBCO JasperReports Server version 7.8.0
TIBCO JasperReports Server version 7.9.0
TIBCO JasperReports Server - Community Edition versions 7.8.0 and below
TIBCO JasperReports Server - Developer Edition versions 7.9.0 and below
TIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below
TIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below
TIBCO JasperReports Server for Microsoft Azure version 7.8.0
The following component is affected:
* Scheduler Connection
Resolution
TIBCO has released updated versions of the affected systems which address this
issue:
TIBCO JasperReports Server versions 7.2.1 and below update to version 7.2.2
or later
TIBCO JasperReports Server versions 7.5.0 and 7.5.1 update to version 7.5.2
or later
TIBCO JasperReports Server version 7.8.0 update to version 7.8.1 or later
TIBCO JasperReports Server version 7.9.0 update to version 7.9.1 or later
TIBCO JasperReports Server - Community Edition versions 7.8.0 and below
update to version 7.8.1 or later
TIBCO JasperReports Server - Developer Edition versions 7.9.0 and below
update to version 7.9.1 or later
TIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below
update to version 7.9.1 or later
TIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below
update to version 7.9.1 or later
TIBCO JasperReports Server for Microsoft Azure version 7.8.0 update to
version 7.9.1 or later
issue:
TIBCO JasperReports Server versions 7.2.1 and below update to version 7.2.2
or later
TIBCO JasperReports Server versions 7.5.0 and 7.5.1 update to version 7.5.2
or later
TIBCO JasperReports Server version 7.8.0 update to version 7.8.1 or later
TIBCO JasperReports Server version 7.9.0 update to version 7.9.1 or later
TIBCO JasperReports Server - Community Edition versions 7.8.0 and below
update to version 7.8.1 or later
TIBCO JasperReports Server - Developer Edition versions 7.9.0 and below
update to version 7.9.1 or later
TIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below
update to version 7.9.1 or later
TIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below
update to version 7.9.1 or later
TIBCO JasperReports Server for Microsoft Azure version 7.8.0 update to
version 7.9.1 or later
Issue/Introduction
Security Advisory Regarding TIBCO JasperReports FTP Password exposed
Additional Information
https://www.tibco.com/services/support/advisories
CVE-2021-35495
CVE-2021-35495
Feedback
Yes
No
Powered by
