j2eefast CVE Vulnerabilities & Metrics

Focus on j2eefast vulnerabilities and metrics.

Last updated: 18 May 2025, 22:25 UTC

About j2eefast Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with j2eefast. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total j2eefast CVEs: 21
Earliest CVE date: 12 Aug 2021, 22:15 UTC
Latest CVE date: 18 Oct 2024, 19:15 UTC

Latest CVE reference: CVE-2024-45944

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 8

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -20.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -20.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical j2eefast CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.74

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 18
4.0-6.9 2
7.0-8.9 1
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS j2eefast CVEs

These are the five CVEs with the highest CVSS scores for j2eefast, sorted by severity first and recency.

All CVEs for j2eefast

CVE-2024-45944 j2eefast vulnerability CVSS: 0 18 Oct 2024, 19:15 UTC

In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution.

CVE-2024-35091 j2eefast vulnerability CVSS: 0 23 May 2024, 17:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml.

CVE-2024-35090 j2eefast vulnerability CVSS: 0 23 May 2024, 17:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml.

CVE-2024-35086 j2eefast vulnerability CVSS: 0 23 May 2024, 17:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml .

CVE-2024-35085 j2eefast vulnerability CVSS: 0 23 May 2024, 17:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml.

CVE-2024-35084 j2eefast vulnerability CVSS: 0 23 May 2024, 17:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml.

CVE-2024-35083 j2eefast vulnerability CVSS: 0 23 May 2024, 17:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml.

CVE-2024-35082 j2eefast vulnerability CVSS: 0 23 May 2024, 17:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml.

CVE-2024-33164 j2eefast vulnerability CVSS: 0 07 May 2024, 17:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function.

CVE-2024-33161 j2eefast vulnerability CVSS: 0 07 May 2024, 17:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function.

CVE-2024-33155 j2eefast vulnerability CVSS: 0 07 May 2024, 17:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function.

CVE-2024-33153 j2eefast vulnerability CVSS: 0 07 May 2024, 17:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function.

CVE-2024-33149 j2eefast vulnerability CVSS: 0 07 May 2024, 17:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function.

CVE-2024-33148 j2eefast vulnerability CVSS: 0 07 May 2024, 17:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function.

CVE-2024-33147 j2eefast vulnerability CVSS: 0 07 May 2024, 17:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function.

CVE-2024-33146 j2eefast vulnerability CVSS: 0 07 May 2024, 16:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function.

CVE-2024-33144 j2eefast vulnerability CVSS: 0 07 May 2024, 16:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml.

CVE-2024-33139 j2eefast vulnerability CVSS: 0 07 May 2024, 16:15 UTC

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function.

CVE-2023-2476 j2eefast vulnerability CVSS: 4.0 02 May 2023, 14:15 UTC

A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument 系统工具/公告管理 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-227868.

CVE-2023-2475 j2eefast vulnerability CVSS: 4.0 02 May 2023, 13:15 UTC

A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument 主题 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-227867.

CVE-2021-28890 j2eefast vulnerability CVSS: 7.5 12 Aug 2021, 22:15 UTC

J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements.