CVE-2021-35494: 
TIBCO JasperReports Server vulnerability analysis and mitigation

CVE-2021-35494 is a security vulnerability discovered in TIBCO JasperReports Server's REST API component. The vulnerability was disclosed on October 12, 2021, affecting multiple versions of TIBCO JasperReports Server and its various editions including Community, Developer, AWS Marketplace, ActiveMatrix BPM, and Microsoft Azure versions (TIBCO Advisory).

The vulnerability is classified as a race condition (CWE-362) that affects the REST API component. It received a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability requires network access and low privileges for exploitation, though it has high attack complexity (NVD).

When exploited, this vulnerability allows a low-privileged authenticated attacker to obtain read access to temporary objects created by other users on the affected system through the REST API. This primarily impacts data confidentiality as attackers can potentially access information they shouldn't have permission to view (TIBCO Advisory).

The vulnerability affects multiple versions of TIBCO JasperReports Server including versions 7.2.1 and below, 7.5.0, 7.5.1, 7.8.0, and 7.9.0. It also impacts Community Edition (versions 7.8.0 and below), Developer Edition (versions 7.9.0 and below), AWS Marketplace (versions 7.9.0 and below), ActiveMatrix BPM (versions 7.9.0 and below), and Microsoft Azure (version 7.8.0) editions. Users should upgrade to the latest version that addresses this vulnerability (TIBCO Advisory).