CVE-2022-41562

2022-12-1319:15:12

CWE-79

[email protected]

web.nvd.nist.gov

tibco software inc.

html escaping

xss attack

vulnerability

network access

CVSS3

8.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

42.9%

JSON

The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute an XSS attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0.

Affected configurations

Nvd

Node

tibcojasperreports_serverRange≤8.0.2aws_marketplace

tibcojasperreports_serverRange≤8.0.2microsoft_azure

tibcojasperreports_serverRange≤8.0.2--

tibcojasperreports_serverRange≤8.1.0community

tibcojasperreports_serverRange≤8.1.0developer

tibcojasperreports_serverMatch8.1.0aws_marketplace

tibcojasperreports_serverMatch8.1.0microsoft_azure

tibcojasperreports_serverMatch8.1.0--

VendorProductVersionCPE
tibcojasperreports_server*cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:aws_marketplace:*:*
tibcojasperreports_server*cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:*:microsoft_azure:*:*
tibcojasperreports_server*cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:-:-:*:*
tibcojasperreports_server*cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:community:*:*:*
tibcojasperreports_server*cpe:2.3:a:tibco:jasperreports_server:*:*:*:*:developer:*:*:*
tibcojasperreports_server8.1.0cpe:2.3:a:tibco:jasperreports_server:8.1.0:*:*:*:*:aws_marketplace:*:*
tibcojasperreports_server8.1.0cpe:2.3:a:tibco:jasperreports_server:8.1.0:*:*:*:*:microsoft_azure:*:*
tibcojasperreports_server8.1.0cpe:2.3:a:tibco:jasperreports_server:8.1.0:*:*:*:-:-:*:*

Vendor	Product	Version	CPE
tibco	jasperreports_server	*	cpe:2.3:a:tibco:jasperreports_server::::::aws_marketplace::*
tibco	jasperreports_server	*	cpe:2.3:a:tibco:jasperreports_server::::::microsoft_azure::*
tibco	jasperreports_server	*	cpe:2.3:a:tibco:jasperreports_server:::::-:-::
tibco	jasperreports_server	*	cpe:2.3:a:tibco:jasperreports_server:::::community:::*
tibco	jasperreports_server	*	cpe:2.3:a:tibco:jasperreports_server:::::developer:::*
tibco	jasperreports_server	8.1.0	cpe:2.3:a:tibco:jasperreports_server:8.1.0:::::aws_marketplace::
tibco	jasperreports_server	8.1.0	cpe:2.3:a:tibco:jasperreports_server:8.1.0:::::microsoft_azure::
tibco	jasperreports_server	8.1.0	cpe:2.3:a:tibco:jasperreports_server:8.1.0::::-:-::*