Unauthenticated Network Vulnerability in JD Edwards EnterpriseOne Tools by Oracle
CVE-2023-22055

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 18 July 2023

Summary

JD Edwards EnterpriseOne Tools by Oracle is susceptible to an unauthenticated access vulnerability. The flaw allows an attacker with network access via HTTP to compromise the system without any prior authentication. While the direct impact is on JD Edwards EnterpriseOne Tools, successful exploitation can result in unauthorized access, including the ability to update, insert, or delete valuable data, as well as unauthorized reading of confidential information. Successful exploitation requires human interaction. Users of affected versions (prior to 9.2.7.4) should apply the available patches to mitigate the risk.

Affected Version(s)

JD Edwards EnterpriseOne Tools * < 9.2.7.4

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
