Description
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-07
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Boot Actuator Endpoint of erzhongxmu JeeWMS allows remote manipulation of the /base-boot/actuator path, causing an endpoint to reveal sensitive internal information. The vulnerability is classified as Information Exposure (CWE‑200) and Improper Authorization (CWE‑284), enabling an attacker to gain unintended access to data likely held by the actuator service.

Affected Systems

The affected product is erzhongxmu JeeWMS; the disclosed issue exists in all releases up to commit 141740afb2ba14d441c82a833d0a418d07ca2d69. Because the vendor uses a rolling‑release model, specific version numbers are not published, so any instance built on the code base identified by the commit hash is potentially vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate risk, and the exploit is publicly available. No EPSS score is available, and the absence of a KEV listing does not reduce the likelihood that attackers will target the exposed endpoint. An attacker needs only network access to the actuator URL and can obtain information without authentication or other prerequisites.

Generated by OpenCVE AI on June 7, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor‑issued patch that fixes the actuator endpoint exposure.
  • If a patch is unavailable, isolate the actuator URL by restricting inbound traffic using a firewall or access‑control list so that only trusted internal users can reach it.
  • Continuously monitor web‑application logs for failed or successful attempts to access the /base-boot/actuator endpoint and investigate any anomalous activity.
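The log-monitoring action above can be sketched as follows. This is an added example, not code from OpenCVE or the JeeWMS project. It assumes the common/combined access log format and a trusted range of 10.0.0.0/8; the sample lines, source addresses and sub-paths under the actuator are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

ACTUATOR_PREFIX = "/base-boot/actuator"  # path named in the advisory
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: internal admin range
LINE_RE = re.compile(  # assumption: common/combined access log format
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def normalize_path(target):
    """Reduce a request target to a canonical path so variant spellings still match."""
    path = unquote(target.split("?", 1)[0])   # drop query string, decode %xx
    path = re.sub(r";[^/]*", "", path)        # drop ;matrix parameters per segment
    # Collapse //, ./ and ../; lowercase so the check over-matches rather than misses.
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:                        # hostname or garbage: treat as untrusted
        return False
    return any(ip in net for net in TRUSTED_NETS)

def find_actuator_hits(lines):
    """Return one dict per request that targeted the actuator path, with a severity."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = normalize_path(m["target"])
        if path != ACTUATOR_PREFIX and not path.startswith(ACTUATOR_PREFIX + "/"):
            continue
        status = int(m["status"])
        if is_trusted(m["ip"]):
            severity = "info"
        else:  # an untrusted source that got a 2xx received actuator data
            severity = "high" if 200 <= status < 300 else "medium"
        hits.append({"ip": m["ip"], "path": path, "status": status, "severity": severity})
    return hits

SAMPLE_LOG = [  # constructed log lines using documentation address ranges
    '203.0.113.7 - - [07/Jun/2026:10:01:02 +0000] "GET /base-boot/actuator/env HTTP/1.1" 200 5120 "-" "-"',
    '10.1.2.3 - - [07/Jun/2026:10:01:05 +0000] "GET /base-boot/actuator/health HTTP/1.1" 200 15 "-" "-"',
    '198.51.100.9 - - [07/Jun/2026:10:02:11 +0000] "GET /base-boot//actuator/beans?x=1 HTTP/1.1" 403 0 "-" "-"',
    '203.0.113.7 - - [07/Jun/2026:10:03:00 +0000] "GET /base-boot/actuatorx HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_actuator_hits(SAMPLE_LOG):
        print(hit)
```

A "high" result means an untrusted source received a successful response from the actuator path and should be investigated first; "medium" results show attempts that were refused.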



Advisories

No advisories yet.

History

Sun, 07 Jun 2026 08:30:00 +0000

Type Values Removed Values Added
Description: A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Title: erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure
First Time appeared: Jeewms; Jeewms jeewms
Weaknesses: CWE-200, CWE-284
CPEs: cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*
Vendors & Products: Jeewms; Jeewms jeewms
References:
Metrics:
  cvssV2_0: score 5, vector AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR
  cvssV3_0: score 5.3, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
  cvssV3_1: score 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
  cvssV4_0: score 6.9, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-07T08:00:10.756Z

Reserved: 2026-06-06T16:02:06.216Z

Link: CVE-2026-11458

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-07T09:16:22.050

Modified: 2026-06-07T09:16:22.050

Link: CVE-2026-11458

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-07T09:30:15Z
