CVE-2021-35494

Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions 7.2.1 and below TIBCO JasperReports Server versions 7.5.0 and 7.5.1 TIBCO JasperReports Server version 7.8.0 TIBCO JasperReports Server version 7.9.0 TIBCO JasperReports Server - Community Edition versions 7.8.0 and below TIBCO JasperReports Server - Developer Edition versions 7.9.0 and below TIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below TIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below TIBCO JasperReports Server for Microsoft Azure version 7.8.0

Description: The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Server contains a race condition that allows a low privileged authenticated attacker via the REST API to obtain read access to temporary objects created by other users on the affected system.

Recommendations: For TIBCO JasperReports Server versions 7.2.1 and below, update to a version above 7.2.1. For TIBCO JasperReports Server versions 7.5.0 and 7.5.1, update to a version above 7.5.1. For TIBCO JasperReports Server version 7.8.0, update to a version above 7.8.0. For TIBCO JasperReports Server version 7.9.0, update to a version above 7.9.0. For TIBCO JasperReports Server - Community Edition versions 7.8.0 and below, update to a version above 7.8.0. For TIBCO JasperReports Server - Developer Edition versions 7.9.0 and below, update to a version above 7.9.0. For TIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below, update to a version above 7.9.0. For TIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below, update to a version above 7.9.0. For TIBCO JasperReports Server for Microsoft Azure version 7.8.0, update to a version above 7.8.0.