Design Tools Vulnerability in JD Edwards EnterpriseOne by Oracle
CVE-2022-21631
Key Information:
- Vendor
Oracle
- Vendor
- CVE Published:
- 18 October 2022
What is CVE-2022-21631?
An easily exploitable authorization bypass vulnerability exists in the Design Tools component of JD Edwards EnterpriseOne Tools. This flaw allows an unauthenticated attacker with HTTP network access to compromise the security of JD Edwards EnterpriseOne. Successful exploitation relies on user interaction from a third party, while the main vulnerability resides within JD Edwards EnterpriseOne Tools, the impact can extend to additional products, effectively broadening the scope of the attack. Attacks could enable unauthorized actions such as updates, inserts, or deletions of data, and may also allow unauthorized reading of certain accessible data within the JD Edwards EnterpriseOne Tools.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
JD Edwards EnterpriseOne Tools 9.2.6.4 and prior
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved