Unauthorized Access Flaw in Oracle JD Edwards EnterpriseOne Tools
CVE-2025-21513

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Jd Edwards Enterpriseone Tools
Vendor: CVE Published:; 21 January 2025

Summary

A vulnerability exists in the JD Edwards EnterpriseOne Tools product from Oracle that allows unauthenticated attackers with network access to potentially compromise the system. This flaw affects supported versions prior to 9.2.9.0, enabling attackers to execute unauthorized updates, inserts, or deletions of data. Furthermore, it can grant unauthorized read access to certain data sets, significantly impacting the confidentiality and integrity of accessible information. It is crucial for users to be aware of this vulnerability, as it necessitates user interaction from a third party to exploit, which can lead to serious ramifications across interlinked Oracle products.

Affected Version(s)

JD Edwards EnterpriseOne Tools * < 9.2.9.0

References

https://www.oracle.com/security-alerts/cpujan2025.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Dec 24, 2024