Vulnerability in JD Edwards EnterpriseOne Tools by Oracle
CVE-2023-21936

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Jd Edwards Enterpriseone Tools
Vendor: CVE Published:; 18 April 2023

What is CVE-2023-21936?

A vulnerability exists in Oracle's JD Edwards EnterpriseOne Tools, specifically within the Web Runtime SEC component, affecting versions prior to 9.2.7.3. This flaw allows a low privileged attacker with network access via HTTP to exploit the system. Successful exploitation hinges on human interaction from someone other than the attacker. Although the vulnerability resides in JD Edwards EnterpriseOne Tools, it may have wider implications, potentially affecting other products as well. Consequences of this vulnerability include unauthorized updates, inserts, or deletions of accessible data, in addition to unauthorized read access to certain datasets.

Affected Version(s)

JD Edwards EnterpriseOne Tools * < 9.2.7.3

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022