Jasper 7.1 on Tomcat is susceptible to a clickjacking vulnerability
Spectrum Release: 21.2.X
Jasper 7.1
JasperReports Server implements a new mechanism to protect against clickjacking attacks. To enable this mechanism, edit a configuration file.
1. Using a text editor, open the applicationContext-security-web.xml file (found in <js-install>\apache-tomcat\webapps\jasperserver-pro\WEB-INF).
2. Locate the antiClickJackingEnabled property in the webAppSecurityFilter bean, and set it to true. Setting this property to true instructs JasperReports Server to include an X-Frame-Options header in every response.
3. You can also set the antiClickJackingOption property to control the header value. Valid values are:
4. If you set the antiClickJackingOption property to ALLOW-FROM, also be sure to set the antiClickJackingUri property to a valid URI.
5. Save the file and restart the server.
NOTE: Take a backup of the applicationContext-security-web.xml file before making changes.
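As an added example (not part of the original article or of JasperReports Server), the following Python script reads the webAppSecurityFilter bean from a constructed XML fragment, confirms antiClickJackingEnabled is true, and applies the step 4 rule that ALLOW-FROM needs a valid antiClickJackingUri. It assumes the file uses ordinary Spring `<property name=... value=.../>` elements; the class name and sample values are placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample modelled on a Spring bean definition (assumption: the real
# applicationContext-security-web.xml holds this bean among many others).
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="webAppSecurityFilter" class="example.WebAppSecurityFilter">
    <property name="antiClickJackingEnabled" value="true"/>
    <property name="antiClickJackingOption" value="ALLOW-FROM"/>
    <property name="antiClickJackingUri" value=""/>
  </bean>
</beans>"""

NS = {"b": "http://www.springframework.org/schema/beans"}


def read_filter_properties(xml_text):
    """Map property name -> value for the webAppSecurityFilter bean."""
    root = ET.fromstring(xml_text)
    for bean in root.findall("b:bean", NS):
        if bean.get("id") == "webAppSecurityFilter":
            return {p.get("name"): p.get("value", "")
                    for p in bean.findall("b:property", NS)}
    raise ValueError("webAppSecurityFilter bean not found")


def check_clickjacking_config(xml_text):
    """Return (ok, expected X-Frame-Options value, list of problems)."""
    props = read_filter_properties(xml_text)
    problems = []
    if props.get("antiClickJackingEnabled", "").strip().lower() != "true":
        problems.append("antiClickJackingEnabled is not true: no X-Frame-Options header is sent")
        return False, None, problems
    option = props.get("antiClickJackingOption", "").strip().upper()
    if not option:
        # Property left unset: the server applies its own default (not checked here).
        return True, "<server default>", problems
    if option == "ALLOW-FROM":
        # Step 4 of the procedure: ALLOW-FROM is only meaningful with a URI.
        uri = props.get("antiClickJackingUri", "").strip()
        parsed = urlparse(uri)
        if not (parsed.scheme and parsed.netloc):
            problems.append("antiClickJackingOption is ALLOW-FROM but antiClickJackingUri is not a valid URI")
            return False, None, problems
        return True, f"ALLOW-FROM {uri}", problems
    return True, option, problems
```

After restarting the server, the returned header value is what you should see in the X-Frame-Options response header of any page served by the application.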