Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.oracle.com/security-alerts/cpujan2025.html |
![]() ![]() |
History
Fri, 31 Jan 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-862 | |
Metrics |
ssvc
|
Tue, 21 Jan 2025 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |
First Time appeared |
Oracle
Oracle jd Edwards Enterpriseone Tools |
|
CPEs | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:prior_to_9.2.9.0:*:*:*:*:*:*:* | |
Vendors & Products |
Oracle
Oracle jd Edwards Enterpriseone Tools |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: oracle
Published: 2025-01-21T20:53:01.364Z
Updated: 2025-01-31T20:45:42.532Z
Reserved: 2024-12-24T23:18:54.764Z
Link: CVE-2025-21514

Updated: 2025-01-23T14:44:38.981Z

Status : Awaiting Analysis
Published: 2025-01-21T21:15:16.753
Modified: 2025-01-31T21:15:12.993
Link: CVE-2025-21514

No data.