BIT-jasperreports-2021-35496

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/jasperreports/BIT-jasperreports-2021-35496.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-jasperreports-2021-35496
Aliases
  • CVE-2021-35496
Published
2024-03-06T10:57:16.402Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.

Database specific 
{
    "cpes": [
        "cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:community:*:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:developer:*:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:-:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:7.5.0:*:*:*:*:-:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:7.5.1:*:*:*:*:-:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:7.8.0:*:*:*:*:-:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:7.9.0:*:*:*:*:-:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:activematrix_bpm:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:aws_marketplace:*:*",
        "cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:microsoft_azure:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / jasperreports

Package

Name
jasperreports
Purl
pkg:bitnami/jasperreports

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.8.0