CVE Details
Basic Information
| Title |
JeeWMS File generateController.do dogenerateOne2Many access control |
| Type |
cve |
| Published |
2025-05-31T18:31:06.868Z |
| Last Seen |
|
Product Information
| Vendor |
n/a |
| Product |
JeeWMS |
| Version |
20250504 |
CVSS Information
| Base Score |
5.3 (MEDIUM) |
| Attack Vector |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact |
|
| Integrity Impact |
|
| Availability Impact |
|
AI Analysis
| AI Description |
A critical vulnerability in JeeWMS allows remote attackers to bypass access controls via the `dogenerateOne2Many` function in the File Handler component. This issue affects all versions up to 20250504, and no version details of affected or updated releases are available due to continuous delivery with rolling releases. |
| AI Severity |
Medium |
| Vendor |
JeeWMS |
| Product |
JeeWMS |
| Affected Version |
up to 20250504 |
Additional Information
| CVE List |
|
| CWE List |
CWE-284, CWE-266 |
| Bulletin Family |
|
| Source Data |
n/a JeeWMS 20250504 |
Source Information
| Source Data |
n/a JeeWMS 20250504 |
| Source Link |
|
Description
A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulation leads to improper access controls. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVSS Score Summary
View Full CVE Details
