CVE-2024-12347

5.3 MEDIUM

📋 TL;DR

This CVE describes an improper authorization vulnerability in the Druid monitoring interface of Jeewms warehouse management software. Attackers can remotely access sensitive monitoring data without authentication. All users of Jeewms up to version 1.0.0 are affected.

💻 Affected Systems

Products:
  • Guangzhou Huayi Intelligent Technology Jeewms
Versions: up to and including 1.0.0
Operating Systems: Any OS running Jeewms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Druid monitoring component specifically at /jeewms_war/webpage/system/druid/index.html

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through exposed monitoring data revealing database credentials, configuration details, and potentially enabling further attacks.

🟠 Likely Case

Unauthorized access to sensitive monitoring information including database queries, performance metrics, and system configuration.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to the monitoring interface.

🌐 Internet-Facing: HIGH - The vulnerability allows remote exploitation and the Druid monitoring interface is typically accessible via web.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to gain unauthorized access to monitoring data.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been publicly disclosed and require only web browser access to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor did not respond to disclosure. Consider workarounds or alternative software.

🔧 Temporary Workarounds

Block Druid Monitoring Interface (platform: all)

Restrict access to the vulnerable Druid monitoring endpoint using web server configuration or firewall rules.

# Apache (server or virtual-host configuration; requires mod_rewrite)
RewriteEngine On
RewriteRule ^/jeewms_war/webpage/system/druid/ - [F,L]

# Nginx (inside the server block that fronts Jeewms)
location ~ ^/jeewms_war/webpage/system/druid/ { deny all; }

# Firewall (payload string match: only effective on cleartext HTTP, not TLS, and only when the path sits in a single packet)
iptables -A INPUT -p tcp --dport [port] -m string --string "/jeewms_war/webpage/system/druid/" --algo bm -j DROP

Disable Druid Monitoring (platform: linux)

Remove or disable the Druid monitoring component from the Jeewms deployment.

# Remove Druid files:
rm -rf /path/to/jeewms/webpage/system/druid/

# Or rename the directory (reversible):
mv /path/to/jeewms/webpage/system/druid/ /path/to/jeewms/webpage/system/druid_disabled/

🧯 If You Can't Patch

  • Implement strict network access controls to limit access to Jeewms interface to authorized users only.
  • Deploy web application firewall (WAF) with rules to block access to Druid monitoring paths.

🔍 How to Verify

Check if Vulnerable:

Attempt to access http://[jeewms-host]:[port]/jeewms_war/webpage/system/druid/index.html without authentication. If accessible, system is vulnerable.

Check Version:

Check Jeewms version in application interface or configuration files. Default location may vary by installation.

Verify Fix Applied:

Verify that the Druid monitoring interface is no longer accessible without proper authentication, or that it returns a 403 or 404 error.
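As an added example (not code from the advisory or the Jeewms project), the following Python script performs the check described above: it requests the Druid index page with no cookies or credentials, refuses to follow redirects so a bounce to a login page stays visible, and maps the status code to a verdict. The base URL, the User-Agent string and the status-to-verdict mapping are assumptions.

```python
import urllib.error
import urllib.request

# Endpoint named in the advisory; host and port are supplied by the caller.
DRUID_PATH = "/jeewms_war/webpage/system/druid/index.html"


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Returning None makes urllib raise HTTPError for 3xx instead of following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def assess(status):
    """Map the status of an unauthenticated request to a verdict (assumed mapping).

    200      -> the monitoring page was served without authentication (vulnerable)
    401/403/404 -> the workaround or fix is in place
    3xx      -> redirected, most likely to a login page, so treated as mitigated
    """
    if status == 200:
        # A 200 that carries a login form (server-side forward) would still
        # need a manual look at the body; the advisory treats 200 as vulnerable.
        return "VULNERABLE: Druid monitoring page served without authentication"
    if status in (401, 403, 404):
        return f"MITIGATED: endpoint returned {status}"
    if 300 <= status < 400:
        return f"MITIGATED: request redirected ({status}), likely to a login page"
    return f"UNDETERMINED: unexpected status {status}"


def probe(base_url, timeout=5.0):
    """Fetch the Druid index page anonymously and return the verdict string."""
    opener = urllib.request.build_opener(NoRedirect())
    req = urllib.request.Request(
        base_url.rstrip("/") + DRUID_PATH,
        headers={"User-Agent": "cve-2024-12347-check"},  # assumed agent string
    )
    try:
        with opener.open(req, timeout=timeout) as resp:
            return assess(resp.status)
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx land here
        return assess(err.code)


if __name__ == "__main__":
    import sys
    # usage: python check_druid.py http://[jeewms-host]:[port]
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080"))
```

Run it once before and once after applying a workaround; the verdict should move from VULNERABLE to MITIGATED.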

📡 Detection & Monitoring

Log Indicators:

  • HTTP 200 responses to /jeewms_war/webpage/system/druid/ paths from unauthenticated users
  • Unusual access patterns to Druid monitoring interface

Network Indicators:

  • HTTP GET requests to Druid monitoring endpoints without preceding authentication requests

SIEM Query:

source="web_server" AND (url_path="/jeewms_war/webpage/system/druid/" OR url_path CONTAINS "druid") AND response_code=200 AND NOT user_agent="health_check"
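The SIEM query above expressed as an offline log check, added here as an example (not part of the advisory): it parses combined-format access log lines, normalises the request path so percent-encoded or dot-segment variants of the Druid path are caught, and flags 200 responses to the Druid interface from any client other than the excluded health-check agent. The sample log lines are constructed, and the `health_check` agent name and the combined log format are assumptions.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Path of the Druid monitoring interface named in the advisory (no trailing slash).
DRUID_PREFIX = "/jeewms_war/webpage/system/druid"
# User agents excluded from alerting, mirroring the SIEM query (assumed name).
IGNORED_AGENTS = {"health_check"}

# Apache/Nginx "combined" log format (assumed for the sample lines below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines: two plain hits, one percent-encoded hit,
# one blocked (403) request, one health-check hit, one unrelated request.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:09:14:02 +0000] "GET /jeewms_war/webpage/system/druid/index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2025:09:14:05 +0000] "GET /jeewms_war/webpage/system/druid/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jan/2025:09:15:11 +0000] "GET /jeewms_war/webpage/system/%64ruid/ HTTP/1.1" 200 5123 "-" "curl/8.4.0"',
    '10.0.0.5 - - [10/Jan/2025:09:16:00 +0000] "GET /jeewms_war/webpage/system/druid/index.html HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Jan/2025:09:16:30 +0000] "GET /jeewms_war/webpage/system/druid/ HTTP/1.1" 200 5123 "-" "health_check"',
    '192.0.2.1 - - [10/Jan/2025:09:17:00 +0000] "GET /jeewms_war/login.do HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
]


def normalise_path(target):
    """Strip the query string, percent-decode and collapse dot segments, so that
    '/system/%64ruid/' and '/system/x/../druid/' both compare equal to DRUID_PREFIX."""
    path = unquote(urlsplit(target).path)
    return posixpath.normpath(path)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    match = LOG_RE.match(line)
    if not match:
        return None
    rec = match.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = normalise_path(rec["target"])
    return rec


def is_druid_hit(rec):
    """True for a successful fetch of the Druid interface by a non-excluded agent."""
    under_druid = rec["path"] == DRUID_PREFIX or rec["path"].startswith(DRUID_PREFIX + "/")
    return rec["status"] == 200 and rec["ua"] not in IGNORED_AGENTS and under_druid


def find_druid_access(lines):
    """Return (matching records, per-client hit count) for an iterable of log lines."""
    hits = [rec for rec in map(parse_line, lines) if rec and is_druid_hit(rec)]
    return hits, Counter(rec["ip"] for rec in hits)


if __name__ == "__main__":
    hits, per_ip = find_druid_access(SAMPLE_LOG)
    for rec in hits:
        print(f'{rec["ts"]} {rec["ip"]} {rec["method"]} {rec["target"]} -> {rec["status"]}')
    print("clients:", dict(per_ip))
```

Feed it the real access log instead of SAMPLE_LOG; the path normalisation is what the raw SIEM string match on "druid" lacks, and it is also why a purely string-based firewall rule can be bypassed by encoding.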
