Lucene search

Ubuntu.comUB:CVE-2022-41562

HistoryDec 13, 2022 - 12:00 a.m.

CVE-2022-41562

2022-12-1300:00:00

ubuntu.com

html escaping component

tibco software inc

jasperreports server

exploit

xss attack

network access

privilege escalation

vulnerability

tibco jasperreports server - community edition

tibco jasperreports server - developer edition

tibco jasperreports server for aws marketplace

tibco jasperreports server for microsoft azure

cve-2022-41562

security issue

CVSS3

8.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

42.9%

JSON

The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports
Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community
Edition, TIBCO JasperReports Server - Developer Edition, TIBCO
JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for
AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO
JasperReports Server for Microsoft Azure contains an easily exploitable
vulnerability that allows a privileged/administrative attacker with network
access to execute an XSS attack on the affected system. A successful attack
using this vulnerability requires human interaction from a person other
than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO
JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server:
version 8.1.0, TIBCO JasperReports Server - Community Edition: versions
8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions
8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions
8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version
8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and
below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchjasperreports< anyUNKNOWN
ubuntu16.04noarchjasperreports< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	jasperreports	< any	UNKNOWN
ubuntu	16.04	noarch	jasperreports	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2022-41562

nvd.nist.gov/vuln/detail/CVE-2022-41562

security-tracker.debian.org/tracker/CVE-2022-41562

www.cve.org/CVERecord?id=CVE-2022-41562

www.tibco.com/services/support/advisories

www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41562

CVSS3

8.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

42.9%

JSON

Related for UB:CVE-2022-41562