Web Runtime Security Flaw in Oracle JD Edwards EnterpriseOne Tools
CVE-2022-21629

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Jd Edwards Enterpriseone Tools
Vendor: CVE Published:; 18 October 2022

What is CVE-2022-21629?

A security vulnerability exists in Oracle JD Edwards EnterpriseOne Tools (specifically in the Web Runtime SEC component) that can be exploited by attackers with low privileges and network access via HTTP. This vulnerability, affecting versions 9.2.6.4 and prior, requires human interaction from a victim for successful execution. Exploiting this security flaw could lead to unauthorized access to data, including the ability to update, insert, or delete information within the JD Edwards EnterpriseOne system. While this vulnerability specifically impacts JD Edwards EnterpriseOne Tools, its effects may extend to additional connected products.

Affected Version(s)

JD Edwards EnterpriseOne Tools 9.2.6.4 and prior

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Nov 15, 2021