Original release date: October 12, 2021
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed below contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system.
Impact
Successful exploitation of this vulnerability can result in an attacker gaining access to the victim’s FTP server at the privilege level of the victim.
CVSS v3 Base Score: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Environment
Products Affected
TIBCO JasperReports Server versions 7.2.1 and below
TIBCO JasperReports Server versions 7.5.0 and 7.5.1
TIBCO JasperReports Server version 7.8.0
TIBCO JasperReports Server version 7.9.0
TIBCO JasperReports Server - Community Edition versions 7.8.0 and below
TIBCO JasperReports Server - Developer Edition versions 7.9.0 and below
TIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below
TIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below
TIBCO JasperReports Server for Microsoft Azure version 7.8.0
The following component is affected:
* Scheduler Connection
Resolution
TIBCO has released updated versions of the affected systems which address this issue:
TIBCO JasperReports Server versions 7.2.1 and below: update to version 7.2.2 or later
TIBCO JasperReports Server versions 7.5.0 and 7.5.1: update to version 7.5.2 or later
TIBCO JasperReports Server version 7.8.0: update to version 7.8.1 or later
TIBCO JasperReports Server version 7.9.0: update to version 7.9.1 or later
TIBCO JasperReports Server - Community Edition versions 7.8.0 and below: update to version 7.8.1 or later
TIBCO JasperReports Server - Developer Edition versions 7.9.0 and below: update to version 7.9.1 or later
TIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below: update to version 7.9.1 or later
TIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below: update to version 7.9.1 or later
TIBCO JasperReports Server for Microsoft Azure version 7.8.0: update to version 7.9.1 or later
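The affected ranges and fixed versions above can be checked against a deployment inventory with a short script. This is an added example, not TIBCO code; the inventory format and hostnames are assumptions, and the version ranges are transcribed from this advisory.

```python
# Added example: affected ranges transcribed from this advisory.
# Each rule: (lowest affected, or None for "and below"; highest affected; minimum fixed version).
BASE = "TIBCO JasperReports Server"
ADVISORY = {
    BASE: [(None, "7.2.1", "7.2.2"), ("7.5.0", "7.5.1", "7.5.2"),
           ("7.8.0", "7.8.0", "7.8.1"), ("7.9.0", "7.9.0", "7.9.1")],
    BASE + " - Community Edition": [(None, "7.8.0", "7.8.1")],
    BASE + " - Developer Edition": [(None, "7.9.0", "7.9.1")],
    BASE + " for AWS Marketplace": [(None, "7.9.0", "7.9.1")],
    BASE + " for ActiveMatrix BPM": [(None, "7.9.0", "7.9.1")],
    BASE + " for Microsoft Azure": [("7.8.0", "7.8.0", "7.9.1")],
}

def parse(version):
    """'7.5' -> (7, 5, 0). Numeric comparison, so 7.10.0 sorts above 7.9.0."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def required_update(product, version):
    """Return the minimum fixed version if the advisory lists this version
    as affected, else None. An unknown product name raises KeyError."""
    v = parse(version)
    for low, high, fixed in ADVISORY[product]:
        if (low is None or parse(low) <= v) and v <= parse(high):
            return fixed
    return None

def audit(inventory):
    """inventory: iterable of (host, product, version) tuples.
    Returns (host, product, version, fixed) for each affected entry."""
    findings = []
    for host, product, version in inventory:
        fixed = required_update(product, version)
        if fixed:
            findings.append((host, product, version, fixed))
    return findings

# Constructed sample inventory (hostnames are hypothetical).
SAMPLE = [
    ("jrs-prod-01", BASE, "7.5.1"),
    ("jrs-prod-02", BASE, "7.5.2"),
    ("jrs-dev-01", BASE + " - Community Edition", "7.1.0"),
    ("jrs-az-01", BASE + " for Microsoft Azure", "7.8.0"),
    ("jrs-aws-01", BASE + " for AWS Marketplace", "7.9.1"),
]

if __name__ == "__main__":
    for host, product, version, fixed in audit(SAMPLE):
        print(f"{host}: {product} {version} is affected; update to {fixed} or later")
```

A `None` result means only that the advisory does not list that version as affected for that product.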