CVE-2022-47880 – Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
https://notcve.org/view.php?id=CVE-2022-47880
An information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users who have permission to modify database connections to disclose a connection's cleartext password via the 'test connection' function. Jedox version 2022.4.2 has an information disclosure vulnerability in /be/rpc.php that allows remote authenticated users who have the appropriate permissions to modify database connections to disclose the cleartext credentials via the test connection function.
• https://www.exploit-db.com/exploits/51429
• http://jedox.com
• https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf
• CWE-522: Insufficiently Protected Credentials
CVE-2022-47879 – Jedox 2022.4.2 - Code Execution via RPC Interfaces
https://notcve.org/view.php?id=CVE-2022-47879
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute their methods. Jedox version 2022.4.2 has a vulnerability in /be/rpc.php and /be/erpc.php that allows remote authenticated users to load arbitrary PHP classes from the rtn directory and execute their methods.
• https://www.exploit-db.com/exploits/51423
• http://jedox.com
• https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf
CVE-2022-47874 – Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls
https://notcve.org/view.php?id=CVE-2022-47874
Improper access control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via the class 'com.jedox.etl.mngr.Connections' and the method 'getGlobalConnection'. Jedox version 2020.2.5 has improper access controls in /tc/rpc that allow remote authenticated users to view details of database connections via the class com.jedox.etl.mngr.Connections and the method getGlobalConnection.
• https://www.exploit-db.com/exploits/51428
• http://packetstormsecurity.com/files/172156/Jedox-2020.2.5-Database-Credential-Disclosure.html
• https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf
CVE-2022-47875 – Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
https://notcve.org/view.php?id=CVE-2022-47875
A directory traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code. Jedox version 2022.4.2 has a directory traversal vulnerability in /be/erpc.php that allows remote authenticated users to execute arbitrary code.
• https://www.exploit-db.com/exploits/51424
• http://packetstormsecurity.com/files/172152/Jedox-2022.4.2-Directory-Traversal-Remote-Code-Execution.html
• https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')