CVE-2022-47879

Published: May 12, 2023Modified: Nov 6, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods. NOTE: The vendor states that the vulnerability affects installations running version 22.5 or earlier. The issue was resolved with version 23.2 and later versions are not affected.

Affected (2)

Products: Jedox: Jedox, Jedox Cloud

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Jedox Jedox	Version 2020.2.5
Jedox Jedox Cloud	All versions

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

http://jedox.com

Source: cve@mitre.org

Product

https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf

Source: cve@mitre.org

ExploitThird Party Advisory

https://jedox.mantishub.io/app/issues/57236

Source: cve@mitre.org

https://jedox.mantishub.io/app/issues/57237

Source: cve@mitre.org

https://jedox.mantishub.io/app/issues/57238

Source: cve@mitre.org

https://jedox.mantishub.io/app/issues/57239

Source: cve@mitre.org

http://jedox.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.