CVE-2021-35496
Description
The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.
Related CPE's
References
CvssV3 impact
BaseSeverity | HIGH |
ConfidentialityImpact | HIGH |
AttackComplexity | HIGH |
Scope | UNCHANGED |
AttackVector | NETWORK |
AvailabilityImpact | HIGH |
IntegrityImpact | HIGH |
PrivilegesRequired | LOW |
BaseScore | 7.1 |
VectorString | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Version | 3.1 |
UserInteraction | REQUIRED |
CvssV2 impact
AccessComplexity | HIGH |
ConfidentialityImpact | PARTIAL |
AvailabilityImpact | PARTIAL |
IntegrityImpact | PARTIAL |
BaseScore | 4.6 |
VectorString | AV:N/AC:H/Au:S/C:P/I:P/A:P |
Version | 2.0 |
AccessVector | NETWORK |
Authentication | SINGLE |