VYPR
Vendor: Jedox

Products: 2
CVEs: 8
Across products: 8
Status: Private

Recent CVEs (8)
  • CVE-2022-47878 | High | May 2, 2023
    risk 0.63 | cvss 8.8 | epss 0.38

    Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as the webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the…

  • CVE-2022-47876 | High | May 2, 2023
    risk 0.61 | cvss 8.8 | epss 0.07

    The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy scripts.

  • CVE-2022-47875 | High | May 2, 2023
    risk 0.61 | cvss 8.8 | epss 0.10

    A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code.

  • CVE-2022-47879 | High | May 12, 2023
    risk 0.52 | cvss 7.5 | epss 0.07

    A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute their methods. NOTE: The vendor states that the vulnerability affects installations running version…

  • CVE-2022-47874 | Medium | May 2, 2023
    risk 0.47 | cvss 6.5 | epss 0.23

    Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'.

  • CVE-2022-47880 | Medium | May 12, 2023
    risk 0.38 | cvss 5.3 | epss 0.03

    An information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allows remote, authenticated users with permissions to modify database connections to disclose a connection's cleartext password via the 'test connection' function.

  • CVE-2022-47877 | Medium | May 2, 2023
    risk 0.38 | cvss 5.4 | epss 0.03

    A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'.

  • CVE-2007-3581 | Jul 5, 2007
    risk 0.00 | cvss n/a | epss 0.02

    The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View.