JEPAAS
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15088 | Med | 0.41 | 6.3 | 0.00 | Dec 25, 2025 | A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing a manipulation of the argument keyWord results in sql injection. Remote exploitation of the… | ||
| CVE-2025-14088 | Med | 0.41 | 6.3 | 0.00 | Dec 5, 2025 | A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The… | ||
| CVE-2025-14694 | Med | 0.31 | 4.7 | 0.00 | Dec 15, 2025 | A vulnerability was found in ketr JEPaaS up to 7.2.8. This impacts the function readAllPostil of the file /je/postil/postil/readAllPostil. Performing a manipulation of the argument keyWord results in sql injection. The attack can be initiated remotely. The exploit has been made… | ||
| CVE-2024-51165 | 0.00 | — | 0.00 | Dec 10, 2024 | SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | |||
| CVE-2024-51164 | 0.00 | — | 0.02 | Nov 15, 2024 | Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | |||
| CVE-2024-46535 | 0.00 | — | 0.01 | Oct 14, 2024 | Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg. |
- risk 0.41cvss 6.3epss 0.00
A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing a manipulation of the argument keyWord results in sql injection. Remote exploitation of the…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The…
- risk 0.31cvss 4.7epss 0.00
A vulnerability was found in ketr JEPaaS up to 7.2.8. This impacts the function readAllPostil of the file /je/postil/postil/readAllPostil. Performing a manipulation of the argument keyWord results in sql injection. The attack can be initiated remotely. The exploit has been made…
- CVE-2024-51165Dec 10, 2024risk 0.00cvss —epss 0.00
SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
- CVE-2024-51164Nov 15, 2024risk 0.00cvss —epss 0.02
Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
- CVE-2024-46535Oct 14, 2024risk 0.00cvss —epss 0.01
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.