Impact
The flaw resides in the Enterprise Infrastructure Security component of Oracle JD Edwards EnterpriseOne Tools, specifically affecting versions 9.2.0.0 through 9.2.26.2. An unauthenticated attacker who can reach the JDENET service on the target network can exploit this weakness to bypass any authentication checks and gain full control of the tools. The vulnerability classifies as an improper access control issue (CWE‑284) and, when successfully leveraged, results in complete loss of confidentiality, integrity, and availability for the affected application.
Affected Systems
Oracle JD Edwards EnterpriseOne Tools, versions 9.2.0.0 to 9.2.26.2, deployed by Oracle Corporation.
Risk and Exploitability
The CVSS v3.1 base score of 9.8 marks the vulnerability as critical. The EPSS score of less than 1% suggests a low current wild‑world exploitation probability, yet the vulnerability is not listed in the CISA KEV catalog. Exploitation requires only network access to the JDENET port, no user credentials, and it can be performed remotely from any host that can reach the service. Successful exploitation grants an attacker full system takeover of the JD Edwards EnterpriseOne Tools.
OpenCVE Enrichment