CVE-2022-47875
Published: 02 May 2023
Summary
CVE-2022-47875 is a high-severity Path Traversal (CWE-22) vulnerability in Jedox Cloud. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 6.6% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, but a public proof-of-concept is referenced.
Deeper analysis
CVE-2022-47875 is a directory traversal vulnerability in the /be/erpc.php endpoint of Jedox GmbH Jedox 2020.2.5. The flaw is tracked under CWE-22 and carries a CVSS 3.1 score of 8.8, reflecting a network attack vector, low attack complexity and low privileges required, with an impact of complete loss of confidentiality, integrity and availability.
Remote authenticated users can exploit the weakness to execute arbitrary code on the affected installation. The attack can be launched over the network and requires no user interaction, but it does require a valid (low-privileged) account on the application.
Public references consist of a proof-of-concept exploit published on Packet Storm for Jedox 2022.4.2 and a detailed vulnerability disclosure report from Syslifters dated April 2023. Note that the proof-of-concept targets a later release than the 2020.2.5 build named in the vulnerability description, so defenders should not assume that only that build is affected.
The EPSS probability peaked at 0.2381 after disclosure before settling at the current value of 0.1056, indicating that exploitation interest emerged only after the public release.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-50632
Vulnerability details
A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code.
- CWE(s): CWE-22 (Path Traversal)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Validates pathnames and filenames to prevent traversal outside intended directories.