CVE-2022-47876 – Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
https://notcve.org/view.php?id=CVE-2022-47876
The Jedox Integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts.
References:
• https://www.exploit-db.com/exploits/51427
• http://packetstormsecurity.com/files/172155/Jedox-2020.2.5-Groovy-Scripts-Remote-Code-Execution.html
• https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf
CVE-2022-47878 – Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path
https://notcve.org/view.php?id=CVE-2022-47878
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the webroot directory as the storage location. Subsequent file uploads can lead to the execution of arbitrary code. Jedox version 2020.2.5 suffers from a remote code execution vulnerability via the configurable storage path.
References:
• https://www.exploit-db.com/exploits/51426
• http://packetstormsecurity.com/files/172154/Jedox-2020.2.5-Configurable-Storage-Path-Remote-Code-Execution.html
• https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf
CWE-434: Unrestricted Upload of File with Dangerous Type