Learn about CVE-2021-35495 found in TIBCO JasperReports Server, enabling attackers to access FTP server passwords. Follow mitigation steps to secure your systems.
A critical vulnerability, CVE-2021-35495, has been identified in TIBCO JasperReports Server that allows an attacker to obtain FTP server passwords. Here's what you need to know about this security issue.
Understanding CVE-2021-35495
CVE-2021-35495 is a security flaw found in various versions of TIBCO JasperReports Server, exposing FTP server passwords to authenticated attackers with network access.
What is CVE-2021-35495?
The Scheduler Connection component of TIBCO JasperReports Server and related editions contains a vulnerability that can be easily exploited to access FTP server passwords of other users on the affected system.
The Impact of CVE-2021-35495
Exploitation of this vulnerability could let a threat actor gain unauthorized access to FTP servers at the victim's privilege level, compromising both confidentiality and integrity.
Technical Details of CVE-2021-35495
The CVSS v3.1 base score for this vulnerability is 9, categorizing it as critical. The attack complexity is low and only low privileges are required, while the impact on confidentiality, integrity, and availability is rated high.
Vulnerability Description
The flaw allows authenticated network attackers to retrieve FTP server passwords on affected systems, potentially leading to unauthorized access and data breaches.
Affected Systems and Versions
TIBCO JasperReports Server versions 7.2.1 to 7.9.0, Community and Developer Editions, and versions for AWS Marketplace, ActiveMatrix BPM, and Microsoft Azure are affected.
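As an added triage aid (not TIBCO's own tooling), the following script checks whether an inventoried JasperReports Server version string falls inside the 7.2.1 to 7.9.0 range listed above; since this page does not name the fixed releases, anything above 7.9.0 is reported only as outside the listed range, and the inventory lines are constructed samples.

```python
"""Version-range check for CVE-2021-35495 (TIBCO JasperReports Server).

Added example, not TIBCO's tooling. The advisory text lists 7.2.1 through
7.9.0 as affected for every edition (Community, Developer, AWS Marketplace,
ActiveMatrix BPM, Azure), so edition is ignored and only the number matters.
"""
import re
from typing import Tuple

AFFECTED_LOW = (7, 2, 1)   # lowest version the advisory lists as affected
AFFECTED_HIGH = (7, 9, 0)  # highest version the advisory lists as affected


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract '7.9.0', '7.9' or 'JasperReports Server 7.5.1 Pro' as an int tuple.

    Numeric comparison matters: as strings, '7.10.0' would sort below '7.9.0'.
    Missing components are padded with zeros so '7.9' equals '7.9.0'.
    """
    m = re.search(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(p) if p is not None else 0 for p in m.groups())


def is_affected(version_text: str) -> bool:
    """True when the version lies within the advisory's affected range (inclusive)."""
    return AFFECTED_LOW <= parse_version(version_text) <= AFFECTED_HIGH


def triage(version_text: str) -> str:
    """One-line verdict for an inventory entry."""
    v = parse_version(version_text)
    label = ".".join(map(str, v))
    if AFFECTED_LOW <= v <= AFFECTED_HIGH:
        return f"{label}: AFFECTED by CVE-2021-35495, schedule the TIBCO update"
    if v < AFFECTED_LOW:
        return f"{label}: below the listed range, confirm against the TIBCO advisory"
    return f"{label}: above the listed range, confirm it is a fixed release"


if __name__ == "__main__":
    # Constructed inventory lines, not real hosts.
    for line in ("JasperReports Server 7.2.0", "7.5.1 Community", "7.9.0", "7.10.0 (Azure)"):
        print(triage(line))
```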
Exploitation Mechanism
An authenticated attacker with network access can exploit this vulnerability to obtain passwords of FTP servers on the target system.
Mitigation and Prevention
To safeguard your systems from CVE-2021-35495, immediate actions and long-term security measures are crucial.
Immediate Steps to Take
Update the affected components to the fixed versions TIBCO provides for this vulnerability as soon as possible.
Long-Term Security Practices
Regularly monitor security advisories from TIBCO and apply patches promptly to prevent exploitation of known vulnerabilities.
Patching and Updates
TIBCO has released updated versions of the affected components to address this issue. Ensure that you update TIBCO JasperReports Server and related editions to the specified versions or later.