Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.oracle.com/security-alerts/cpujul2022.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: oracle
Published: 2022-07-19T21:07:18
Updated: 2024-08-03T02:46:38.451Z
Reserved: 2021-11-15T00:00:00
Link: CVE-2022-21532
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-07-19T22:15:11.287
Modified: 2022-07-23T03:17:50.737
Link: CVE-2022-21532
Redhat
No data.