6 matches found
PT-2025-37116
Name of the Vulnerable Software and Affected Versions: JEPaaS version 7.2.8 Description: A security issue has been identified in JEPaaS 7.2.8 affecting the doFilterInternal function within the Filter Handler component. This can lead to improper access controls and allows for remote execution of...
CVE-2024-51165
SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...
CVE-2024-51165
The CVE-2024-51165 issue affects JEPAAS version 7.2.8. A SQL injection vulnerability exists in the /je/rbac/rbac/loadLoginCount endpoint, exploitable through the dateVal parameter to submit a crafted query and exfiltrate all database information. This is documented in Red Hat and NVD entries, whi...
CVE-2024-51164
Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...
CVE-2024-51164
Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...
CVE-2024-51164
Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...