Network Vulnerability in JD Edwards EnterpriseOne Orchestrator by Oracle
CVE-2024-21168

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Jd Edwards Enterpriseone Orchestrator
Vendor: CVE Published:; 16 July 2024

Summary

A security vulnerability exists in the JD Edwards EnterpriseOne Orchestrator component of Oracle JD Edwards. This flaw allows low-privileged attackers with network access via HTTP to compromise the Orchestrator, which could lead to unauthorized access to critical enterprise data stored within JD Edwards EnterpriseOne. Supported versions affected by this vulnerability include any version prior to 9.2.8.3. Successful exploitation of this vulnerability could result in significant confidentiality breaches, as attackers may gain complete access to sensitive data managed by the Orchestrator. Organizations using affected versions are advised to apply security updates promptly to mitigate potential risks.

Affected Version(s)

JD Edwards EnterpriseOne Orchestrator * < 9.2.8.3

References

https://www.oracle.com/security-alerts/cpujul2024.html

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2024