📄 Description (English)
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
🤖 AI Executive Summary
CVE-2026-11458 is a medium-severity information disclosure vulnerability in erzhongxmu JeeWMS affecting the Boot Actuator Endpoint at /base-boot/actuator. The vulnerability allows remote attackers to manipulate file processing and extract sensitive information without authentication. With public exploit availability and no vendor patch forthcoming, immediate detection and compensating controls are critical for affected Saudi organizations.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Jun 7, 2026 13:00
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi government agencies, financial institutions, and healthcare providers using JeeWMS for inventory and warehouse management. Banking sector (SAMA-regulated entities) faces exposure if JeeWMS is integrated with payment or customer data systems. Government procurement systems and healthcare supply chain management are particularly vulnerable. Telecom operators (STC, Mobily) using this platform for logistics could experience data leakage of infrastructure information. Energy sector (ARAMCO subsidiaries) warehouse systems may expose operational data.
🏢 Affected Saudi Sectors
Banking and Financial Services (SAMA-regulated)
Government and Public Administration
Healthcare and Pharmaceuticals
Energy and Utilities (ARAMCO ecosystem)
Telecommunications (STC, Mobily)
Retail and E-commerce
Logistics and Supply Chain
Manufacturing
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
6.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of erzhongxmu JeeWMS in your environment using network scanning and asset inventory tools
2. Disable or restrict access to /base-boot/actuator endpoint immediately using WAF rules or network ACLs
3. Monitor all access attempts to /base-boot/actuator endpoints in real-time
4. Isolate affected systems from production networks if possible
DETECTION RULES:
- Alert on any HTTP requests to paths containing '/base-boot/actuator' or '/actuator'
- Monitor for unusual file access patterns on JeeWMS servers
- Track authentication bypass attempts to actuator endpoints
- Log all parameter manipulation attempts to boot endpoints
COMPENSATING CONTROLS:
1. Implement network segmentation to restrict access to JeeWMS servers
2. Deploy Web Application Firewall (WAF) rules blocking /base-boot/actuator access
3. Enable verbose logging and SIEM integration for all JeeWMS activities
4. Implement IP whitelisting for legitimate JeeWMS access
5. Conduct immediate data classification audit of systems using JeeWMS
6. Review access logs for past 90 days for suspicious /base-boot/actuator access
PATCHING STRATEGY:
- Contact vendor for security updates or consider alternative solutions
- Evaluate migration to patched or alternative warehouse management systems
- Implement version pinning to prevent automatic updates to vulnerable versions
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع حالات erzhongxmu JeeWMS في بيئتك باستخدام أدوات المسح والجرد
2. تعطيل أو تقييد الوصول إلى نقطة نهاية /base-boot/actuator فوراً باستخدام قواعد WAF أو ACLs
3. مراقبة جميع محاولات الوصول إلى نقاط نهاية /base-boot/actuator في الوقت الفعلي
4. عزل الأنظمة المتأثرة عن شبكات الإنتاج إن أمكن
قواعد الكشف:
1. تنبيهات على طلبات HTTP تحتوي على '/base-boot/actuator' أو '/actuator'
2. مراقبة أنماط الوصول غير العادية للملفات على خوادم JeeWMS
3. تتبع محاولات تجاوز المصادقة على نقاط نهاية actuator
4. تسجيل جميع محاولات معالجة المعاملات على نقاط نهاية التمهيد
الضوابط التعويضية:
1. تنفيذ تقسيم الشبكة لتقييد الوصول إلى خوادم JeeWMS
2. نشر قواعد WAF لحظر الوصول إلى /base-boot/actuator
3. تفعيل التسجيل المفصل والتكامل مع SIEM
4. تنفيذ القائمة البيضاء للعناوين IP للوصول الشرعي
5. إجراء تدقيق تصنيف البيانات الفوري للأنظمة التي تستخدم JeeWMS
6. مراجعة سجلات الوصول لآخر 90 يوماً للوصول المريب
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Information Security Policies and Procedures
ECC 2024 A.6.1.1 - Access Control and Authentication
ECC 2024 A.8.2.1 - Asset Management and Inventory
ECC 2024 A.12.4.1 - Event Logging and Monitoring
ECC 2024 A.12.6.1 - Management of Technical Vulnerabilities
🔵 SAMA CSF
SAMA CSF ID.AM-2: Software, hardware, and firmware inventory
SAMA CSF PR.AC-1: Access control policy and procedures
SAMA CSF PR.PT-1: Audit and accountability mechanisms
SAMA CSF DE.CM-1: The network is monitored for unauthorized connections
SAMA CSF RS.MI-2: Incidents are mitigated
🟡 ISO 27001:2022
ISO 27001:2022 A.5.1 - Policies for information security
ISO 27001:2022 A.6.1 - Screening and selection
ISO 27001:2022 A.8.1 - Asset management
ISO 27001:2022 A.8.2 - Information classification
ISO 27001:2022 A.8.3 - Media handling
ISO 27001:2022 A.12.4 - Logging
ISO 27001:2022 A.12.6 - Management of technical vulnerabilities
🟣 PCI DSS v4.0.1
PCI DSS 2.2.4 - Configure system security parameters
PCI DSS 6.2 - Ensure security patches are installed
PCI DSS 10.2 - Implement automated audit trails
PCI DSS 11.2 - Run automated vulnerability scans