Home / exploitsPDF  

Jedox 2020.2.5 Database Credential Disclosure

Posted on 05 May 2023

Jedox version 2020.2.5 suffers from having improper access controls in /tc/rpc that allows remote authenticated users to view details of database connections via the class com.jedox.etl.mngr.Connections and the method getGlobalConnection.

 

TOP