The following components are affected:
The JasperReports Server components listed above contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.
The impact of these vulnerabilities includes the theoretical disclosure of sensitive information.
CVSS v3 Base Score: 5.7 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions.
For TIBCO JasperReports Server, upgrade:
For TIBCO JasperReports Server Community Edition, upgrade:
For TIBCO JasperReports Server for ActiveMatrix BPM, upgrade:
For TIBCO Jaspersoft for AWS with Multi-Tenancy, upgrade:
For TIBCO Jaspersoft Reporting and Analytics for AWS, upgrade: