CVE-2022-41561

Name of the Vulnerable Software and Affected Versions TIBCO JasperReports Server versions 8.0.2 and below TIBCO JasperReports Server version 8.1.0 TIBCO JasperReports Server - Community Edition versions 8.1.0 and below TIBCO JasperReports Server - Developer Edition versions 8.1.0 and below TIBCO JasperReports Server for AWS Marketplace versions 8.0.2 and below TIBCO JasperReports Server for AWS Marketplace version 8.1.0 TIBCO JasperReports Server for Microsoft Azure versions 8.0.2 and below TIBCO JasperReports Server for Microsoft Azure version 8.1.0

Description The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server contains a vulnerability that allows a privileged/administrative attacker with network access to execute Remote Code Execution to obtain a reverse shell on the affected system.

Recommendations For TIBCO JasperReports Server versions 8.0.2 and below, update to a version above 8.0.2. For TIBCO JasperReports Server version 8.1.0, apply the necessary security patches. For TIBCO JasperReports Server - Community Edition versions 8.1.0 and below, update to a version above 8.1.0. For TIBCO JasperReports Server - Developer Edition versions 8.1.0 and below, update to a version above 8.1.0. For TIBCO JasperReports Server for AWS Marketplace versions 8.0.2 and below, update to a version above 8.0.2. For TIBCO JasperReports Server for AWS Marketplace version 8.1.0, apply the necessary security patches. For TIBCO JasperReports Server for Microsoft Azure versions 8.0.2 and below, update to a version above 8.0.2. For TIBCO JasperReports Server for Microsoft Azure version 8.1.0, apply the necessary security patches.