2 matches found
CVE-2022-47875
CVE-2022-47875 is a directory traversal vulnerability in Jedox (Jedox 2020.2.5) at /be/erpc.php that allows remote authenticated users to execute arbitrary code. Public write-ups and advisories (e.g., Red Hat, Exploit DB, 0day) corroborate RCE via file uploads after traversal. The initial descrip...
CVE-2022-47874
CVE-2022-47874 affects Jedox 2020.2.5, via improper access control in the /tc/rpc endpoint. The vulnerability allows remote authenticated users to view details of database connections through class com.jedox.etl.mngr.Connections.getGlobalConnection. Publicly documented PoCs and write-ups describe...