Jishenghua: community verdicts
5 notable / known-exploited Jishenghua CVEs the community has triaged.
- CVE-2025-55370HIGH 8.8Real · low riskEPSS 0%
Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value.
- CVE-2025-55368HIGH 8.8Real · low riskEPSS 0%
Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
- CVE-2025-55366MED 5.3EPSS 0%
Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.
- CVE-2025-55367MED 5.3EPSS 0%
Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
- CVE-2025-55371MED 5.3EPSS 0%
Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method.