cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-41563,https://securityvulnerability.io/vulnerability/CVE-2022-41563,TIBCO JasperReports Server Stored XSS Vulnerability,"The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Microsoft Azure",9,CRITICAL,0.000539999979082495,false,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2022-41562,https://securityvulnerability.io/vulnerability/CVE-2022-41562,TIBCO JasperReports Server XSS Issue on Roles,"The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer
Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute an XSS attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Community Edition,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Microsoft Azure",8.4,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2022-41561,https://securityvulnerability.io/vulnerability/CVE-2022-41561,TIBCO JasperReports Server RCE Vulnerability,"The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network
access to execute Remote Code Execution to obtain a reverse shell on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Community Edition,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Microsoft Azure",9.1,CRITICAL,0.003640000009909272,false,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2022-22773,https://securityvulnerability.io/vulnerability/CVE-2022-22773,TIBCO JasperReports Server Reflected Cross Site Scripting (XSS) vulnerability,"The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system.
Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.1 and below, TIBCO JasperReports Server - Community Edition: versions 8.0.1 and below, TIBCO JasperReports Server - Developer Edition: versions 8.0.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.1 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.2 and below, and TIBCO JasperReports Server for Microsoft Azure: versions 8.0.1 and below.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Community Edition,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jasperreports Server For Microsoft Azure",7.7,HIGH,0.000539999979082495,false,false,false,false,,false,false,2022-05-17T00:00:00.000Z,0
CVE-2022-22771,https://securityvulnerability.io/vulnerability/CVE-2022-22771,TIBCO JasperReports Library Directory Traversal Vulnerability,"The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system.
Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1.",Tibco,"Tibco Jasperreports Library,Tibco Jasperreports Library For Activematrix Bpm,Tibco Jasperreports Server,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jasperreports Server For Microsoft Azure",9.9,CRITICAL,0.001820000004954636,false,false,false,false,,false,false,2022-03-15T00:00:00.000Z,0
CVE-2021-35496,https://securityvulnerability.io/vulnerability/CVE-2021-35496,TIBCO JasperReports XML External Entity (XXE) vulnerability,"The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component.
Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Community Edition,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jasperreports Server For Microsoft Azure",7.5,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2021-10-12T00:00:00.000Z,0
CVE-2021-35495,https://securityvulnerability.io/vulnerability/CVE-2021-35495,TIBCO JasperReports FTP Password exposed,"The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system.
Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Community Edition,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jasperreports Server For Microsoft Azure",9,CRITICAL,0.0010400000028312206,false,false,false,false,,false,false,2021-10-12T00:00:00.000Z,0
CVE-2021-35494,https://securityvulnerability.io/vulnerability/CVE-2021-35494,TIBCO JasperReports unauthorized access to temporary object,"The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contain a race condition that allows a low privileged authenticated attacker via the REST API to obtain read access to temporary objects created by other users on the affected system.
Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Community Edition,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Activematrix Bpm,Tibco Jasperreports Server For Microsoft Azure",5.7,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2021-10-12T00:00:00.000Z,0
CVE-2020-9410,https://securityvulnerability.io/vulnerability/CVE-2020-9410,TIBCO JasperReports Library,"The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an attacker to exploit HTML injection to gain full control of a web interface containing the output of the report generator component with the privileges of any user that views the affected report(s). The attacker can theoretically exploit this vulnerability when other users view a maliciously generated report, where those reports use Fusion Charts and a data source with contents controlled by the attacker.
Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions 7.1.1 and below, versions 7.2.0 and 7.2.1, version 7.3.0, version 7.5.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions 7.1.1 and below, TIBCO JasperReports Server: versions 7.1.1 and below, version 7.2.0, version 7.5.0, TIBCO JasperReports Server for AWS Marketplace: versions 7.5.0 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.",Tibco,"Tibco Jasperreports Library,Tibco Jasperreports Library For Activematrix Bpm,Tibco Jasperreports Server,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Activematrix Bpm",7.3,HIGH,0.0019000000320374966,false,false,false,false,,false,false,2020-05-20T13:15:00.000Z,0
CVE-2020-9409,https://securityvulnerability.io/vulnerability/CVE-2020-9409,TIBCO JasperReports Server Fails To Enforce Access Restrictions,"The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server ""superuser"" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Activematrix Bpm",9.8,CRITICAL,0.0019199999514967203,false,false,false,false,,false,false,2020-05-20T13:15:00.000Z,0