### [CVE-2021-35496](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35496)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20JasperReports%20Server%20-%20Community%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20JasperReports%20Server%20-%20Developer%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20JasperReports%20Server%20for%20AWS%20Marketplace&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20JasperReports%20Server%20for%20ActiveMatrix%20BPM&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20JasperReports%20Server%20for%20Microsoft%20Azure&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20JasperReports%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=7.5.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.5.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.8.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.9.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Successful%20execution%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20read%2C%20update%2C%20insert%20or%20delete%20access%20to%20the%20affected%20systems%20data%20and%20the%20ability%20to%20cause%20a%20denial%20of%20service%20(DOS)%20on%20the%20affected%20system.&color=brightgreen)

### Description

The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.

### POC

#### Reference
- https://www.tibco.com/services/support/advisories

#### Github
No PoCs found on GitHub currently.