177 matches found
CVE-2024-35091
CVE-2024-35091 affects J2EEFAST v2.7.0 via SysTenantMapper.xml findPage, where missing input-validation enables SQL injection. Root cause: lack of external-input SQL validation in the findPage function. Impact: potential exposure of sensitive database data; CVSS v3.1 base score 9.8 (NETWORK, HIGH...
CVE-2024-35091
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml...
CVE-2024-35086
CVE-2024-35086 affects J2EEFAST v2.7.0. The vulnerability is a SQL injection in the findPage function within BpmTaskFromMapper.xml due to lack of external input SQL statement validation. Impactful according to the CVE: high confidentiality, integrity, and availability risks with network attack ve...
CVE-2024-35086
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml...
CVE-2024-35086
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml...
CVE-2024-35082
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml...
CVE-2024-35082
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml...
CVE-2024-35082
CVE-2024-35082 concerns J2EEFAST v2.7.0, where a SQL injection flaw exists in the SysOperLogMapper.xml file’s findPage function. The root cause per CNVD/Red Hat style descriptions is lack of input SQL statement validation for that function, enabling potential manipulation of database queries. Rep...
CVE-2024-35084
CVE-2024-35084 affects J2EEFAST v2.7.0. The vulnerability is a SQL injection in SysMsgPushMapper.xml’s findPage function caused by lack of validation for external input SQL statements. Reported impact indicates high confidentiality, integrity, and availability risk (base score 9.8, CVSS3.1: AV:N/...
CVE-2024-35084
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml...
CVE-2024-35084
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml...
CVE-2024-35085
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml...
CVE-2024-35085
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml...
CVE-2024-35085
CVE-2024-35085 affects J2EEFAST v2.7.0; a SQL injection exists in the findPage function of ProcessDefinitionMapper.xml due to insufficient input validation. Exploitation could allow an attacker to execute arbitrary SQL to access data, per multiple sources (CNVD/CNNVD, Red Hat, NVD). There is no c...
CVE-2024-35090
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml...
CVE-2024-35090
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml...
CVE-2024-35090
Affected software: J2EEFAST v2.7.0. Vulnerability: SQL injection via the SysUreportFileMapper.xml findPage function. Root cause: lack of validation of external input SQL statements. Impact (as stated): Attacker could execute arbitrary SQL to steal sensitive database data. References in docs: Mult...
CVE-2024-35083
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml...
CVE-2024-35083
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml...
CVE-2024-35083
CVE-2024-35083 affects J2EEFAST v2.7.0 with a SQL injection vulnerability in SysLoginInfoMapper.xml findPage function. Root cause stated as lack of validation of external input SQL statements, enabling an attacker to execute arbitrary SQL and potentially steal data. The CVSS v3.1 score is 8.8 ( H...