CVE-2026-11457
erzhongxmu · JeeWMS
A security flaw in erzhongxmu JeeWMS enables remote information disclosure via the /base-boot/actuator component.
Executive summary
A high-severity remote information disclosure vulnerability in erzhongxmu JeeWMS exposes internal system details, necessitating immediate remediation.
Vulnerability
This is an information disclosure vulnerability in the /base-boot/actuator component. The actuator endpoint can be reached by remote attackers without proper authorization, and its responses reveal sensitive internal system information that should only be available to operators.
Business impact
The CVSS score of 7.3 places this in the high-severity band. By disclosing internal system information, the vulnerability hands attackers the reconnaissance data they need to craft more targeted follow-on attacks, and it can be a stepping stone toward full system compromise when combined with other weaknesses.
Remediation
Immediate Action: Update the JeeWMS installation to a version beyond the affected commit. If the /base-boot/actuator component is not required for production operations, disable it; if it is required, expose it only to authenticated administrative users or on a separately firewalled management interface.
Proactive Monitoring: Monitor web-server and application logs for requests to the /base-boot/actuator path, matching on a normalized path so that percent-encoded, double-slash and trailing-slash variants are not missed, and investigate any such requests from external sources or from internal hosts that have no reason to query it.
Compensating Controls: Until the update is applied, use a Web Application Firewall (WAF) or reverse-proxy rule to block requests to the /base-boot/actuator path. Treat this as a stopgap rather than a fix: WAF rules are sensitive to path-normalization differences and do not remove the underlying exposure.
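As an added detection example (not part of this advisory and not code from the JeeWMS project), the following Python scans web-server access logs in combined log format for requests to /base-boot/actuator. It normalizes the request path so that double-slash, trailing-slash, mixed-case and percent-encoded variants are still matched, and flags hits whose source address falls outside a set of assumed internal ranges. The log lines and the internal network list are constructed for illustration; adjust the ranges to your own environment.

```python
import ipaddress
import re
from urllib.parse import unquote

# Constructed sample access-log lines in combined format (not real JeeWMS traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2026:09:14:01 +0000] "GET /base-boot/actuator/health HTTP/1.1" 200 123 "-" "curl/8.4.0"
203.0.113.17 - - [10/Mar/2026:09:14:07 +0000] "GET /base-boot/actuator HTTP/1.1" 200 2048 "-" "python-requests/2.31"
203.0.113.17 - - [10/Mar/2026:09:14:09 +0000] "GET /base-boot//actuator/env HTTP/1.1" 200 5120 "-" "python-requests/2.31"
198.51.100.9 - - [10/Mar/2026:09:15:30 +0000] "GET /base-boot/%61ctuator/mappings/ HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
192.168.1.20 - - [10/Mar/2026:09:16:00 +0000] "GET /base-boot/login HTTP/1.1" 200 3312 "-" "Mozilla/5.0"
203.0.113.44 - - [10/Mar/2026:09:17:12 +0000] "GET /base-boot/actuatorx HTTP/1.1" 404 0 "-" "curl/8.4.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The vulnerable path named in the advisory.
ACTUATOR_PREFIX = "/base-boot/actuator"

# Assumed internal address space; everything else is treated as external.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]


def normalize_path(target):
    """Strip the query string, percent-decode, collapse repeated slashes,
    drop a trailing slash and lower-case, so evasion variants compare equal."""
    path = target.split("?", 1)[0]
    path = unquote(path)
    path = re.sub(r"/{2,}", "/", path)
    if len(path) > 1:
        path = path.rstrip("/")
    return path.lower()


def is_actuator_request(target):
    """True if the normalized path is the actuator root or anything beneath it.
    A sibling such as /base-boot/actuatorx does not match."""
    norm = normalize_path(target)
    return norm == ACTUATOR_PREFIX or norm.startswith(ACTUATOR_PREFIX + "/")


def is_external(ip):
    """True unless the address lies in one of INTERNAL_NETS.
    Unparseable sources are treated as untrusted."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return not any(addr in net for net in INTERNAL_NETS)


def scan_log(text):
    """Return one alert dict per request that touches the actuator path."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_actuator_request(m["target"]):
            continue
        alerts.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "path": normalize_path(m["target"]),
            "status": int(m["status"]),
            "external": is_external(m["ip"]),
        })
    return alerts


def external_sources(alerts):
    """Count actuator hits per external source address, for triage."""
    counts = {}
    for a in alerts:
        if a["external"]:
            counts[a["ip"]] = counts.get(a["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for a in found:
        flag = "EXTERNAL" if a["external"] else "internal"
        print(f'{a["ts"]} {a["ip"]:<15} {a["status"]} {a["path"]} [{flag}]')
    print("external sources:", external_sources(found))
```

Run it against your real access log by replacing SAMPLE_LOG with the file contents; any external hit that returned a 200 is a strong indicator that the endpoint was queried successfully and should be escalated. The same normalization logic is what a WAF or reverse-proxy rule needs to apply before matching on the path.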
Exploitation status
Public Exploit Available: true
Analyst recommendation
Due to the availability of a public exploit and the potential for remote information disclosure, organizations should treat this as a high-priority remediation task. Applying the update or disabling the vulnerable component is critical to maintaining system security.