Unauthenticated Access Vulnerability in JD Edwards EnterpriseOne Tools by Oracle

CVE-2022-21630

Summary

This vulnerability in JD Edwards EnterpriseOne Tools allows an unauthenticated attacker with network access via HTTP to compromise the tool. While exploitation requires human interaction from a non-attacker, the implications extend beyond JD Edwards EnterpriseOne Tools, potentially affecting associated products. Successful exploitation can lead to unauthorized access, enabling the attacker to update, insert, or delete information from accessible data, as well as read unauthorized data. This poses a significant risk to confidentiality and integrity, making it imperative for organizations using JD Edwards EnterpriseOne Tools to address this vulnerability promptly.

References