CRITICAL🇵🇱 Wersja polska

CVE-2024-27764

CVSS 9.8v3.1pub. 2024-03-05upd. 2025-01-21

An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.

🤖 AI Analysis
How it works

The vulnerability is classified as CWE-22 (path traversal) and CWE-27, indicating improper validation of paths in the AuthInterceptor component responsible for access control. An attacker can craft an HTTP request containing a properly constructed path that allows bypassing authorization mechanisms. As a result, it is possible to gain access to resources or functions reserved for privileged users without possessing valid credentials.

Impact

An unauthenticated attacker can remotely escalate their privileges in the system, leading to complete compromise of confidentiality, integrity, and availability of data processed by the Jeewms application.

Mitigation & patch

Apply patches available from the vendor according to the references. It is recommended to update to a version higher than 3.7 and restrict access to the application interface from external networks until the fix is applied.

Who is affected

Jeewms version 3.7 and all earlier versions

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Jeewms

    APP
    Jeewms
    ≤ 3.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPEPath Traversal
CWE
References

Related vulnerabilities

CVE-2024-53499CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Jeewms v3.7 poprzez CgReportController API

CVE-2025-50901CRITICAL9.8PL ✓ten sam produkt

JeeWMS — pominięcie uwierzytelnienia umożliwiające odczyt plików

CVE-2024-57757HIGH7.5ten sam produkt

JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInt...

CVE-2024-27765HIGH7.5ten sam produkt

Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive info...

CVE-2026-3026MEDIUM5.5ten sam produkt

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality ...