Vulnerabilities > Jedox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-12 | CVE-2022-47880 | Insufficiently Protected Credentials vulnerability in Jedox and Jedox Cloud An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function. | 5.3 |
| 2023-05-02 | CVE-2022-47874 | Unspecified vulnerability in Jedox Cloud and Jedox Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'. | 6.5 |
| 2023-05-02 | CVE-2022-47877 | Cross-site Scripting vulnerability in Jedox 2020.2.5 A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'. | 5.4 |