CVE-2024-33144

Name of the Vulnerable Software and Affected Versions J2EEFAST version 2.7.0

Description A SQL injection issue was discovered via the sql filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For J2EEFAST version 2.7.0, consider restricting access to the findApplyedTasksPage function in BpmTaskMapper.xml to minimize the risk of exploitation. Avoid using the sql filter parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.