Ketr Jepaas
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Ketr Jepaas.
By the Year
In 2026 there have been 0 vulnerabilities in Ketr Jepaas. Last year, in 2025 Jepaas had 3 security vulnerabilities published. Right now, Jepaas is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 3 | 5.77 |
| 2024 | 3 | 0.00 |
It may take a day or so for new Jepaas vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Ketr Jepaas Security Vulnerabilities
ketr JEPaaS SQLi in postilService.loadPostils before 7.2.8
CVE-2025-15088
6.3 - Medium
- December 25, 2025
A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing a manipulation of the argument keyWord results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SQL Injection
SQLi via keyWord in ketr JEPaaS 7.2.8 readAllPostil (remote)
CVE-2025-14694
4.7 - Medium
- December 15, 2025
A vulnerability was found in ketr JEPaaS up to 7.2.8. This impacts the function readAllPostil of the file /je/postil/postil/readAllPostil. Performing a manipulation of the argument keyWord results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
SQL Injection
ketr JEPaaS <=7.2.8: Auth Bypass via /je/load
CVE-2025-14088
6.3 - Medium
- December 05, 2025
A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
AuthZ
JEPAAS 7.2.8 SQLi via rbac/loadLoginCount dateVal
CVE-2024-51165
- December 10, 2024
SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
SQLi in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog
CVE-2024-51164
- November 15, 2024
Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
Jepaas 7.2.8 SQLi via orderSQL @ /homePortal/loadUserMsg
CVE-2024-46535
- October 14, 2024
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Ketr Jepaas or by Ketr? Click the Watch button to subscribe.
