Jedox

jedox

Vendor: Jedox • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-47880 1Jedox 2Jedox Jedox Cloud Jan 27, 2025 May 12, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the...Show more An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function.Show less
CVE-2022-47879 1Jedox 2Jedox Jedox Cloud Nov 6, 2025 May 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods. NOTE: The vendor states that...Show more A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods. NOTE: The vendor states that the vulnerability affects installations running version 22.5 or earlier. The issue was resolved with version 23.2 and later versions are not affected.Show less
CVE-2022-47878 1Jedox 1Jedox Nov 6, 2025 May 2, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the exe...Show more Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability affects installations running version 22.2 or earlier. The issue was resolved with the version 22.3 and later versions are not affected. Additionally, the vendor states that this vulnerability affects on-premises deployments only and that it does not impact cloud-hosted or SaaS environments.Show less
CVE-2022-47877 1Jedox 1Jedox Jan 30, 2025 May 2, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'.
CVE-2022-47876 1Jedox 1Jedox Jan 30, 2025 May 2, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts.
CVE-2022-47875 1Jedox 2Cloud Jedox Jan 30, 2025 May 2, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code.
CVE-2022-47874 1Jedox 2Cloud Jedox Jan 30, 2025 May 2, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'.