Design Tools Vulnerability in JD Edwards EnterpriseOne by Oracle
CVE-2022-21631

6.1MEDIUM

Key Information:

Vendor

Oracle

Vendor
CVE Published:
18 October 2022

What is CVE-2022-21631?

An easily exploitable authorization bypass vulnerability exists in the Design Tools component of JD Edwards EnterpriseOne Tools. This flaw allows an unauthenticated attacker with HTTP network access to compromise the security of JD Edwards EnterpriseOne. Successful exploitation relies on user interaction from a third party, while the main vulnerability resides within JD Edwards EnterpriseOne Tools, the impact can extend to additional products, effectively broadening the scope of the attack. Attacks could enable unauthorized actions such as updates, inserts, or deletions of data, and may also allow unauthorized reading of certain accessible data within the JD Edwards EnterpriseOne Tools.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Affected Version(s)

JD Edwards EnterpriseOne Tools 9.2.6.4 and prior

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.