CVE-2022-3602 & CVE-2022-3786 were published in the National Vulnerability Database on November 1st, 2022.
CVE-2022-3602 - High
Base CVSS 3.1 Score: 8.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2022-3786 - High
Base CVSS 3.1 Score: 7.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
The vulnerability is caused with the use of OpenSSL versions 3.0 and above.
Is JasperSoft 7.9 vulnerable?
JasperSoft 7.9
All Supported Windows Operating Systems
TIBCO has advised that JasperSoft 7.9 and JasperStudio are NOT impacted by this vulnerability.