漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability affects installations running version 22.2 or earlier. The issue was resolved with the version 22.3 and later versions are not affected. Additionally, the vendor states that this vulnerability affects on-premises deployments only and that it does not impact cloud-hosted or SaaS environments.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jedox 代码问题漏洞
Vulnerability Description
Jedox是Jedox公司的一种企业绩效管理软件。用于财务和其他领域(如销售,人力资源和采购)的计划,分析和报告。 Jedox 2020.2.5 版本存在安全漏洞,该漏洞源于设置页面中默认存储路径的错误输入验证允许经过身份验证的远程用户将位置指定为 Webroot 目录。
CVSS Information
N/A
Vulnerability Type
N/A