CVE-2021-35495

Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions 7.2.1 and below TIBCO JasperReports Server versions 7.5.0 and 7.5.1 TIBCO JasperReports Server version 7.8.0 TIBCO JasperReports Server version 7.9.0 TIBCO JasperReports Server - Community Edition versions 7.8.0 and below TIBCO JasperReports Server - Developer Edition versions 7.9.0 and below TIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below TIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below TIBCO JasperReports Server for Microsoft Azure version 7.8.0

Description: The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system.

Recommendations: For TIBCO JasperReports Server versions 7.2.1 and below, update to a version above 7.2.1. For TIBCO JasperReports Server versions 7.5.0 and 7.5.1, update to a version other than 7.5.0 and 7.5.1. For TIBCO JasperReports Server version 7.8.0, update to a version other than 7.8.0. For TIBCO JasperReports Server version 7.9.0, update to a version other than 7.9.0. For TIBCO JasperReports Server - Community Edition versions 7.8.0 and below, update to a version above 7.8.0. For TIBCO JasperReports Server - Developer Edition versions 7.9.0 and below, update to a version above 7.9.0. For TIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below, update to a version above 7.9.0. For TIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below, update to a version above 7.9.0. For TIBCO JasperReports Server for Microsoft Azure version 7.8.0, update to a version other than 7.8.0. As a temporary workaround, consider restricting access to the Scheduler Connection component until a patch is available.