| عنوان | 广州华壹智能科技有限公司 JEEWMS latest Unauthorized Sensitive Information Disclosure |
|---|
| الوصف | JEEWMS exposes sensitive Spring Boot Actuator endpoints under /base-boot/actuator/** without authentication. In particular, /base-boot/actuator/env and /base-boot/actuator/heapdump are accessible to unauthenticated users and may disclose configuration secrets, runtime environment data, and full JVM heap contents. This can result in credential leakage, token disclosure, and full compromise when combined with other weaknesses. |
|---|
| المصدر | ⚠️ https://github.com/0d000721999/evc1/issues/2 |
|---|
| المستخدم | 0d00 (UID 98238) |
|---|
| ارسال | 13/05/2026 05:42 PM (26 أيام منذ) |
|---|
| الاعتدال | 06/06/2026 06:02 PM (24 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 369077 [erzhongxmu JeeWMS حتى 141740afb2ba14d441c82a833d0a418d07ca2d69 Boot Actuator Endpoint /base-boot/actuator الكشف عن المعلومات] |
|---|
| النقاط | 19 |
|---|