Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability affects installations running version 22.2 or earlier. The issue was resolved with the version 22.3 and later versions are not affected. Additionally, the vendor states that this vulnerability affects on-premises deployments only and that it does not impact cloud-hosted or SaaS environments.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jedox 代码问题漏洞
Vulnerability Description
Jedox是Jedox公司的一种企业绩效管理软件。用于财务和其他领域(如销售,人力资源和采购)的计划,分析和报告。 Jedox 2020.2.5 版本存在安全漏洞,该漏洞源于设置页面中默认存储路径的错误输入验证允许经过身份验证的远程用户将位置指定为 Webroot 目录。
CVSS Information
N/A
Vulnerability Type
N/A