Vulnerability in JD Edwards EnterpriseOne Tools by Oracle
CVE-2025-21507

5.4 MEDIUM

Key Information:

Vendor
Oracle
CVE Published:
21 January 2025

Summary

A vulnerability exists in the Web Runtime component of Oracle's JD Edwards EnterpriseOne Tools. It allows a low-privileged attacker with network access via HTTP to compromise the application. Exploitation requires interaction from a user other than the attacker. Although the vulnerability is in JD Edwards EnterpriseOne Tools, a successful attack can also affect associated products. A successful attack can lead to unauthorized data manipulation, including update, insert, or delete operations, as well as unauthorized access to certain data within the system.

Affected Version(s)

JD Edwards EnterpriseOne Tools * < 9.2.9.0

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
