SQL Injection Vulnerability in JD Edwards EnterpriseOne Orchestrator by Oracle
CVE-2023-22050

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Jd Edwards Enterpriseone Orchestrator
Vendor: CVE Published:; 18 July 2023

What is CVE-2023-22050?

A vulnerability exists in the JD Edwards EnterpriseOne Orchestrator component of Oracle's JD Edwards. This flaw allows low-privileged attackers with network access to manipulate the Orchestrator, potentially leading to unauthorized modifications, inserts, or deletions of accessible data. Additionally, attackers might gain unauthorized read access to certain data sets, compromising both the confidentiality and integrity of information within the JD Edwards EnterpriseOne Orchestrator, specifically in versions prior to 9.2.7.4.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

JD Edwards EnterpriseOne Orchestrator * < 9.2.7.4

References

https://www.oracle.com/security-alerts/cpujul2023.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2023
Vulnerability Reserved
Dec 17, 2022

JSON

Oracle