CVE-2021-35496 TIBCO JasperReports XML Eternal Entity (XXE) vulnerability

🗓️ 12 Oct 2021 17:35:14Reported by tibcoType

TIBCO JasperReports XMLA Connections component contains XXE vulnerabilit

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2021-35496	12 Oct 202122:25	–	circl
CNNVD	TIBCO Software JasperReports Server 代码问题漏洞	12 Oct 202100:00	–	cnnvd
CVE	CVE-2021-35496	12 Oct 202117:35	–	cve
EUVD	EUVD-2021-22138	7 Oct 202500:30	–	euvd
NVD	CVE-2021-35496	12 Oct 202118:15	–	nvd
OSV	BIT-JASPERREPORTS-2021-35496	6 Mar 202410:57	–	osv
Prion	Design/Logic Flaw	12 Oct 202118:15	–	prion
Positive Technologies	PT-2021-20936 · Tibco Software · Tibco Jasperreports Server For Aws Marketplace +5	12 Oct 202100:00	–	ptsecurity

[
  {
    "product": "TIBCO JasperReports Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.2.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "7.5.0"
      },
      {
        "status": "affected",
        "version": "7.5.1"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "7.8.0"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "7.9.0"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server - Community Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.8.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server - Developer Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.9.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server for AWS Marketplace",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.9.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server for ActiveMatrix BPM",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.9.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO JasperReports Server for Microsoft Azure",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "7.8.0"
      }
    ]
  }
]

Source	Link
tibco	www.tibco.com/services/support/advisories

02 Nov 2021 19:06Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.5

EPSS0.00621