Ketr Jepaas
6 CVEs affecting Ketr Jepaas. Latest disclosed: 2025-12-25. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-46535 | Critical | 9.8 | 2024-10-14 | Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg. |
CVE-2024-51164 | Critical | 9.1 | 2024-11-15 | Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially c… |
CVE-2024-51165 | High | 7.5 | 2024-12-10 | SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially cr… |
CVE-2025-15088 | Medium | 6.3 | 2025-12-25 | A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil… |
CVE-2025-14088 | Medium | 6.3 | 2025-12-05 | A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation o… |
CVE-2025-14694 | Medium | 4.7 | 2025-12-15 | A vulnerability was found in ketr JEPaaS up to 7.2.8. This impacts the function readAllPostil of the file /je/postil/postil/readAllPostil. Performing a manipul… |