Design Tools Vulnerability in JD Edwards EnterpriseOne by Oracle
CVE-2022-21631

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Jd Edwards Enterpriseone Tools
Vendor: CVE Published:; 18 October 2022

Summary

An easily exploitable authorization bypass vulnerability exists in the Design Tools component of JD Edwards EnterpriseOne Tools. This flaw allows an unauthenticated attacker with HTTP network access to compromise the security of JD Edwards EnterpriseOne. Successful exploitation relies on user interaction from a third party, while the main vulnerability resides within JD Edwards EnterpriseOne Tools, the impact can extend to additional products, effectively broadening the scope of the attack. Attacks could enable unauthorized actions such as updates, inserts, or deletions of data, and may also allow unauthorized reading of certain accessible data within the JD Edwards EnterpriseOne Tools.

Affected Version(s)

JD Edwards EnterpriseOne Tools 9.2.6.4 and prior

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Nov 15, 2021