CVE-2022-47878
published 2023-05-02


Priority: P2 (73)
Severity: high
CVSS 3.1 base score: 8.8
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: flagged
EPSS: 38.11% (98.4th percentile)
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as the webroot directory. Consecutive file uploads can then lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability affects installations running version 22.2 or earlier. The issue was resolved in version 22.3, and later versions are not affected. Additionally, the vendor states that this vulnerability affects on-premises deployments only and does not impact cloud-hosted or SaaS environments.

Affected

1 range
Vendor: jedox
Product: jedox
Version range: not listed
Fixed in: not listed

Detection & IOCs (extracted from sources)

Path: /htdocs/app/docroot/
  • Monitor for changes to the default storage path setting in Jedox pointing to web-accessible directories (e.g., webroot paths like /htdocs/app/docroot/), which is the first stage of this exploit chain.
  • Detect upload or import of .php files into the Jedox webroot directory, which is the second stage of this RCE exploit chain.
  • Alert on HTTP requests executing .php files placed in the Jedox webroot, indicative of webshell execution following CVE-2022-47878 exploitation.
  • Vulnerability only affects on-premises deployments of Jedox running version 22.2 or earlier; cloud-hosted and SaaS environments are not impacted.
  • Exploitation requires the attacker to be a remote, authenticated user with access to the application settings page.
  • The vendor resolved this issue in version 22.3; installations on 22.3 and later are not affected.