Jedox >> Jedox >> 2020.2.5 Security Vulnerabilities
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute their methods.
CVSS Score: 7.5 | EPSS Score: 0.051 | Published: 2023-05-12
An Information Disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allows remote, authenticated users with permissions to modify database connections to disclose a connection's cleartext password via the 'test connection' function.
CVSS Score: 5.3 | EPSS Score: 0.007 | Published: 2023-05-12
Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'.
CVSS Score: 6.5 | EPSS Score: 0.268 | Published: 2023-05-02
A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code.
CVSS Score: 8.8 | EPSS Score: 0.074 | Published: 2023-05-02
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy scripts.
CVSS Score: 8.8 | EPSS Score: 0.037 | Published: 2023-05-02
A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'.
CVSS Score: 5.4 | EPSS Score: 0.013 | Published: 2023-05-02
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as the Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code.
CVSS Score: 8.8 | EPSS Score: 0.175 | Published: 2023-05-02

