The following components are affected:
The JasperReports Server component listed above contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks.
The impact includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user.
CVSS v3 Base Score: 6.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions: