PT-2022-25942 · Tibco · Tibco Jasperreports Server+3

Published: 2022-12-13 · Updated: 2024-03-06 · CVE-2022-41563

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TIBCO JasperReports Server versions 8.0.2 and below
TIBCO JasperReports Server version 8.1.0
TIBCO JasperReports Server - Developer Edition versions 8.1.0 and below
TIBCO JasperReports Server for AWS Marketplace versions 8.0.2 and below
TIBCO JasperReports Server for AWS Marketplace version 8.1.0
TIBCO JasperReports Server for Microsoft Azure versions 8.0.2 and below
TIBCO JasperReports Server for Microsoft Azure version 8.1.0

Description

The Dashboard component of TIBCO JasperReports Server contains a vulnerability that allows a low-privileged attacker with network access to execute Stored Cross-Site Scripting (XSS) on the affected system. A successful attack requires human interaction from a person other than the attacker.

Recommendations

For TIBCO JasperReports Server versions 8.0.2 and below, update to a version above 8.0.2.
For TIBCO JasperReports Server version 8.1.0, consider disabling the Dashboard component until a patch is available.
For TIBCO JasperReports Server - Developer Edition versions 8.1.0 and below, update to a version above 8.1.0.
For TIBCO JasperReports Server for AWS Marketplace versions 8.0.2 and below, update to a version above 8.0.2.
For TIBCO JasperReports Server for AWS Marketplace version 8.1.0, consider disabling the Dashboard component until a patch is available.
For TIBCO JasperReports Server for Microsoft Azure versions 8.0.2 and below, update to a version above 8.0.2.
For TIBCO JasperReports Server for Microsoft Azure version 8.1.0, consider disabling the Dashboard component until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-JASPERREPORTS-2022-41563
CVE-2022-41563

Affected Products

Tibco Jasperreports Server
Tibco Jasperreports Server - Developer Edition
Tibco Jasperreports Server For Aws Marketplace
Tibco Jasperreports Server For Microsoft Azure