QID 731137
Date Published: 2024-02-12
QID 731137: TIBCO JasperReports Server Multiple Security Vulnerabilities (CVE-2022-41561, CVE-2022-41562, CVE-2022-41563)
JasperReports is an open-source reporting engine that provides the ability to deliver rich content onto the printer, the screen, or into various formats such as PDF, HTML, XLS, RTF, ODT, CSV, TXT, and XML files.
CVE-2022-41563: The vulnerability that allows a low-privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system.
Affected Products:
TIBCO JasperReports Server versions 8.0.2 and below.
TIBCO JasperReports Server version 8.1.0.
QID Detection Logic:(unauthenticated)
It checks for vulnerable versions of the TIBCO JasperReports Server.
On Successful execution of these vulnerabilities will result in an attacker being able to execute commands with the privileges of the affected user. This vulnerability can allow the attacker to exploit associated resources other than the affected system.
- TIBCO JasperReports Server_CVE-2022-41561 -
www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41561 - TIBCO JasperReports Server_CVE-2022-41562 -
www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41562
- TIBCO JasperReports Server_CVE-2022-41563 -
www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41563
CVEs related to QID 731137
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| TIBCO Security Advisory |
www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41563 |