CVE-2022-47876
published 2023-05-02

CVE-2022-47876: The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts.

Priority: P2 · 66 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 7.05% (93.4th percentile)

Affected

1 range

Vendor | Product | Version range | Fixed in
jedox  | jedox   |               |

Detection & IOCs (extracted from sources)

  • Detect Groovy script job creation in Jedox Integrator by authenticated users as a potential RCE attempt (CVE-2022-47876)
  • Monitor Jedox Integrator logs for LOG.error output from Groovy jobs executing OS commands such as 'whoami', which is the PoC command used to confirm RCE
  • Alert on Groovy job creation requests in Jedox Integrator, particularly those containing '.execute()' and 'consumeProcessOutput' patterns indicative of OS command execution via Groovy
  • Exploitation requires the attacker to be authenticated and have permissions to create Groovy Jobs in the Jedox Integrator; unauthenticated exploitation is not possible
  • Affected version is Jedox 2020.2 (20.2.5) and older; detections should be scoped to these versions