Cyber Resilience

CVE-2022-47875

Severity: High · Public PoC available

Published: 02 May 2023
Modified: 30 January 2025
KEV Added: none (not listed in the CISA KEV catalog)
Patch: (no entry on this page)
CVSS v3.1 score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.1056 (93.4th percentile)
Risk priority: 24 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-47875 is a high-severity Path Traversal (CWE-22) vulnerability in Jedox Cloud. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 6.6% of CVEs by exploit likelihood (EPSS 93.4th percentile); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2022-47875 is a directory traversal vulnerability in the /be/erpc.php endpoint of Jedox GmbH Jedox 2020.2.5. The flaw is tracked under CWE-22 and carries a CVSS 3.1 score of 8.8, reflecting a network attack vector, low attack complexity, and a low-privileged account as the only prerequisite, with a complete loss of confidentiality, integrity, and availability as the outcome.

Remote authenticated users can exploit the weakness to execute arbitrary code on the affected installation. No user interaction is required, and the attack can be launched over the network.

Public references consist of a proof-of-concept exploit published on Packet Storm for Jedox 2022.4.2 and a detailed vulnerability disclosure report from Syslifters dated April 2023.

The EPSS probability peaked at 0.2381 after disclosure and has since settled at the current value of 0.1056, indicating that exploitation interest emerged after public release and has partly subsided.

Vulnerability details

A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code.

CWE(s)

CWE-22 (Path Traversal)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: jedox, Product: cloud, Version: all versions
Vendor: jedox, Product: jedox, Version: 2020.2.5

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Control (addresses CWE-22): Validates pathnames and filenames to prevent traversal outside intended directories.
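The control above is the generic CWE-22 mitigation. As an added illustration (not Jedox code and not taken from the disclosure), the Python function below shows what "validate pathnames to prevent traversal outside intended directories" means in practice: the candidate path is canonicalised and then checked to be inside the base directory, rather than scanned for "../" substrings. The base directory /srv/app/files and the sample request strings are constructed for the example; the check is meant to run after the web layer has already URL-decoded the parameter.

```python
import os


class PathTraversalError(ValueError):
    """Raised when a requested path would resolve outside the allowed directory."""


def resolve_within(base_dir: str, requested: str) -> str:
    """Return the absolute path of `requested` resolved inside `base_dir`.

    Raises PathTraversalError for NUL bytes, absolute paths, or any path that,
    after normalisation (including '..' segments and symlinks on existing
    paths), lands outside `base_dir`.
    """
    if "\x00" in requested:
        raise PathTraversalError("NUL byte in pathname")
    if os.path.isabs(requested):
        raise PathTraversalError("absolute paths are not allowed")

    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))

    # commonpath compares whole path components, so a sibling directory such as
    # /srv/app/files2 is not mistaken for being inside /srv/app/files.
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{requested!r} escapes {base_dir!r}")
    return candidate


def is_safe(base_dir: str, requested: str) -> bool:
    """Boolean form of resolve_within for use in request handlers and tests."""
    try:
        resolve_within(base_dir, requested)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: what a file-serving endpoint might receive.
    base = "/srv/app/files"  # hypothetical base directory
    for req in ["reports/q1.csv", "../../etc/passwd", "/etc/passwd",
                "reports/../../files/q1.csv", "q1\x00.csv"]:
        print(f"{req!r:32} -> {'allowed' if is_safe(base, req) else 'rejected'}")
```

Note that "reports/../../files/q1.csv" is accepted: after normalisation it resolves to /srv/app/files/q1.csv, which is inside the base directory. A substring filter for "../" would reject it, while a naive string-prefix check would accept an escape to /srv/app/files2; resolving first and comparing path components avoids both mistakes.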