CVE-2022-47880

medium

Description

An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function.

References

https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf

http://jedox.com

Details

Source: Mitre, NVD

Published: 2023-05-12

Updated: 2023-05-24

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N