| Titre | 广州华壹智能科技有限公司 JEEWMS latest Unauthorized Sensitive Information Disclosure |
|---|
| Description | JEEWMS exposes sensitive Spring Boot Actuator endpoints under /base-boot/actuator/** without authentication. In particular, /base-boot/actuator/env and /base-boot/actuator/heapdump are accessible to unauthenticated users and may disclose configuration secrets, runtime environment data, and full JVM heap contents. This can result in credential leakage, token disclosure, and full compromise when combined with other weaknesses. |
|---|
| La source | ⚠️ https://github.com/0d000721999/evc1/issues/2 |
|---|
| Utilisateur | 0d00 (UID 98238) |
|---|
| Soumission | 13/05/2026 17:42 (il y a 27 jours) |
|---|
| Modérer | 06/06/2026 18:02 (24 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 369077 [erzhongxmu JeeWMS Boot Actuator Endpoint /base-boot/actuator divulgation d'information] |
|---|
| Points | 19 |
|---|