5 matches found
CVE-2024-51165
SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...
CVE-2024-51165
SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...
CVE-2024-51165
SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...
CVE-2024-51165
SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...
CVE-2024-51165
The CVE-2024-51165 issue affects JEPAAS version 7.2.8. A SQL injection vulnerability exists in the /je/rbac/rbac/loadLoginCount endpoint, exploitable through the dateVal parameter to submit a crafted query and exfiltrate all database information. This is documented in Red Hat and NVD entries, whi...