Erzhongxmu · Jimureport · CVE-2026-11457
**Name of the Vulnerable Software and Affected Versions**
erzhongxmu JeeWMS versions prior to 141740afb2ba14d441c82a833d0a418d07ca2d69
**Description**
An injection flaw exists in the JimuReport test-connection component. Remote exploitation is possible by manipulating the `dbType`, `dbDriver`, `dbUrl`, `dbUsername`, and `dbPassword` arguments at the '/base-boot/jmreport/testConnection' endpoint.
**Recommendations**
Update to a version later than 141740afb2ba14d441c82a833d0a418d07ca2d69.
As a temporary workaround, restrict access to the '/base-boot/jmreport/testConnection' endpoint to minimize the risk of exploitation.
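To check that the temporary restriction is actually holding, the following added example (not part of the advisory or of the project's code) scans web access logs for requests that reached the endpoint from sources outside an allowlist. The combined log format, the allowlisted address, the use of HTTP 403 for blocked requests, and the sample log lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/base-boot/jmreport/testConnection"   # path named in the advisory
ALLOWED_SOURCES = {"192.0.2.10"}                  # assumption: admin host allowed by the workaround
BLOCKED_STATUS = 403                              # assumption: the restriction answers with 403

# Assumption: common/combined access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_path(target):
    """Reduce a request target to a canonical path so equivalent spellings compare equal."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    out = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]          # drop path parameters such as ;jsessionid=...
        if seg in ("", "."):
            continue                        # collapses duplicate slashes
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)

def find_hits(lines):
    """Return every logged request whose normalized path is the testConnection endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        # Case-insensitive comparison is deliberately conservative (may over-match).
        if m and normalize_path(m["target"]).lower() == ENDPOINT.lower():
            hits.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                         "allowed": m["ip"] in ALLOWED_SOURCES})
    return hits

def unexpected(hits):
    """Requests from non-allowlisted sources that were not rejected by the restriction."""
    return [h for h in hits if not h["allowed"] and h["status"] != BLOCKED_STATUS]

SAMPLE_LOG = [  # constructed sample lines, documentation address ranges
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "POST /base-boot/jmreport/testConnection HTTP/1.1" 200 64',
    '203.0.113.7 - - [01/Jan/2026:10:05:00 +0000] "POST /base-boot/jmreport/testConnection HTTP/1.1" 403 0',
    '203.0.113.7 - - [01/Jan/2026:10:05:03 +0000] "POST /base-boot//jmreport/testConnection?t=1 HTTP/1.1" 200 64',
    '198.51.100.4 - - [01/Jan/2026:10:06:00 +0000] "GET /base-boot/jmreport/list HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in unexpected(find_hits(SAMPLE_LOG)):
        print("review:", hit)
```

Any entry returned by `unexpected` means the restriction did not cover that request and the rule in front of the application should be reviewed.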