
CVSS: 8.8 • EPSS: 4% • CPEs: 1 • EXPL: 3

The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts. The Jedox Integrator in Jedox version 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts.
• https://www.exploit-db.com/exploits/51427
• http://packetstormsecurity.com/files/172155/Jedox-2020.2.5-Groovy-Scripts-Remote-Code-Execution.html
• https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf

CVSS: 8.8 • EPSS: 1% • CPEs: 1 • EXPL: 3

Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. Jedox version 2020.2.5 suffers from a remote code execution vulnerability via the configurable storage path.
• https://www.exploit-db.com/exploits/51426
• http://packetstormsecurity.com/files/172154/Jedox-2020.2.5-Configurable-Storage-Path-Remote-Code-Execution.html
• https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View.
• http://85.10.222.122/mantis/public_show_bug.php?bug_id=452
• http://osvdb.org/45754