Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.oracle.com/security-alerts/cpujan2025.html |
![]() ![]() |
History
Wed, 22 Jan 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-770 | |
Metrics |
ssvc
|
Tue, 21 Jan 2025 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |
First Time appeared |
Oracle
Oracle jd Edwards Enterpriseone Tools |
|
CPEs | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:prior_to_9.2.9.0:*:*:*:*:*:*:* | |
Vendors & Products |
Oracle
Oracle jd Edwards Enterpriseone Tools |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: oracle
Published: 2025-01-21T20:52:58.801Z
Updated: 2025-01-22T18:32:51.268Z
Reserved: 2024-12-24T23:18:54.764Z
Link: CVE-2025-21508

Updated: 2025-01-22T18:32:44.010Z

Status : Awaiting Analysis
Published: 2025-01-21T21:15:15.973
Modified: 2025-01-22T19:15:10.767
Link: CVE-2025-21508

No data.