CVE-2021-35496

Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions 7.2.1 and below TIBCO JasperReports Server versions 7.5.0 and 7.5.1 TIBCO JasperReports Server version 7.8.0 TIBCO JasperReports Server version 7.9.0 TIBCO JasperReports Server - Community Edition versions 7.8.0 and below TIBCO JasperReports Server - Developer Edition versions 7.9.0 and below TIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below TIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below TIBCO JasperReports Server for Microsoft Azure version 7.8.0

Description: The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. A successful attack using this vulnerability requires human interaction from a person other than the attacker.

Recommendations: For TIBCO JasperReports Server versions 7.2.1 and below, update to a version above 7.2.1. For TIBCO JasperReports Server versions 7.5.0 and 7.5.1, update to a version above 7.5.1. For TIBCO JasperReports Server version 7.8.0, update to a version above 7.8.0. For TIBCO JasperReports Server version 7.9.0, update to a version above 7.9.0. For TIBCO JasperReports Server - Community Edition versions 7.8.0 and below, update to a version above 7.8.0. For TIBCO JasperReports Server - Developer Edition versions 7.9.0 and below, update to a version above 7.9.0. For TIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below, update to a version above 7.9.0. For TIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below, update to a version above 7.9.0. For TIBCO JasperReports Server for Microsoft Azure version 7.8.0, update to a version above 7.8.0.