jedox 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting and パス処理の欠陥 があり、vendor surface production workloads and vendor surface software deployment の利用場面で ファイル上書き and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-47880 | An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function. | [email protected] | 5.3 | 3.16% | 2023-05-12 | 2025-01-27 |
| CVE-2022-47879 | A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods. NOTE: The vendor states that the vulnerability affects installations running version 22.5 or earlier. The issue was resolved with version 23.2 and later versions are not affected. | [email protected] | 7.5 | 6.74% | 2023-05-12 | 2025-11-06 |
| CVE-2022-47878 | Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability affects installations running version 22.2 or earlier. The issue was resolved with the version 22.3 and later versions are not affected. Additionally, the vendor states that this vulnerability affects on-pre | [email protected] | 8.8 | 38.11% | 2023-05-02 | 2025-11-06 |
| CVE-2022-47877 | A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'. | [email protected] | 5.4 | 2.63% | 2023-05-02 | 2025-01-30 |
| CVE-2022-47876 | The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts. | [email protected] | 8.8 | 7.05% | 2023-05-02 | 2025-01-30 |
| CVE-2022-47875 | A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code. | [email protected] | 8.8 | 10.16% | 2023-05-02 | 2025-01-30 |
| CVE-2022-47874 | Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'. | [email protected] | 6.5 | 22.72% | 2023-05-02 | 2025-01-30 |
| CVE-2007-3581 | The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View. | [email protected] | 5.0 | 1.57% | 2007-07-05 | 2026-04-23 |