jfinaloa_project CVE Vulnerabilities & Metrics

Focus on jfinaloa_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About jfinaloa_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with jfinaloa_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total jfinaloa_project CVEs: 5
Earliest CVE date: 30 Mar 2022, 21:15 UTC
Latest CVE date: 16 Jan 2025, 18:15 UTC

Latest CVE reference: CVE-2024-57775

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical jfinaloa_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.1

Max CVSS: 6.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS jfinaloa_project CVEs

These are the five CVEs with the highest CVSS scores for jfinaloa_project, sorted by severity first and recency.

CVE-2023-0758 jfinaloa_project Published on 09 Feb 2023, 11:15 UTC (CVSS: 6.5)
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220469 was assigned to ...
CVE-2021-40645 jfinaloa_project Published on 30 Mar 2022, 21:15 UTC (CVSS: 4.0)
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController.
CVE-2024-57775 jfinaloa_project Published on 16 Jan 2025, 18:15 UTC (CVSS: 0)
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
CVE-2024-57770 jfinaloa_project Published on 16 Jan 2025, 18:15 UTC (CVSS: 0)
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
CVE-2024-57769 jfinaloa_project Published on 16 Jan 2025, 18:15 UTC (CVSS: 0)
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.

All CVEs for jfinaloa_project

CVE-2024-57775 jfinaloa_project vulnerability CVSS: 0 16 Jan 2025, 18:15 UTC

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.

CVE-2024-57770 jfinaloa_project vulnerability CVSS: 0 16 Jan 2025, 18:15 UTC

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.

CVE-2024-57769 jfinaloa_project vulnerability CVSS: 0 16 Jan 2025, 18:15 UTC

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.

CVE-2023-0758 jfinaloa_project vulnerability CVSS: 6.5 09 Feb 2023, 11:15 UTC

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220469 was assigned to this vulnerability.

CVE-2021-40645 jfinaloa_project vulnerability CVSS: 4.0 30 Mar 2022, 21:15 UTC

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController.