Filtered by vendor Ketr
Subscriptions
Filtered by product Jepaas
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14088 | 1 Ketr | 1 Jepaas | 2025-12-05 | 6.3 Medium |
| A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2024-46535 | 2 Jepass, Ketr | 2 Jepass, Jepaas | 2025-07-03 | 9.8 Critical |
| Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg. | ||||
| CVE-2024-51164 | 2 Jepaas, Ketr | 2 Jepaas, Jepaas | 2025-06-24 | 9.1 Critical |
| Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | ||||
| CVE-2024-51165 | 1 Ketr | 1 Jepaas | 2025-06-24 | 7.5 High |
| SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | ||||
Page 1 of 1.