CVE-2022-47880

MEDIUM

Jedox - Insufficiently Protected Credentials

Title source: rule

Description

An information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allows remote, authenticated users with permissions to modify database connections to disclose a connection's cleartext password via the 'test connection' function.

Exploits (1)

exploitdb WRITEUP
by Team Syslifters · text · webapps · php
https://www.exploit-db.com/exploits/51429

Scores

CVSS v3 5.3
EPSS 0.0090
EPSS Percentile 75.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-522
Status published

Affected Products (2)

jedox/jedox
jedox/jedox_cloud

Timeline

Published May 12, 2023
Tracked Since Feb 18, 2026