Impact
A flaw in the Accounts Payable component of Oracle JD Edwards EnterpriseOne allows a low‑privileged attacker who can reach the application over HTTP to create, delete, or modify critical data. The weakness, identified as an access‑control bypass, results in high confidentiality and integrity impact, enabling an attacker to access or alter all Accounts Payable data that the application exposes.
Affected Systems
The vulnerability affects Oracle Corporation’s JD Edwards EnterpriseOne Accounts Payable, specifically version 9.2. No other product or version information is supplied.
Risk and Exploitability
The CVSS 3.1 base score of 8.1 places the flaw in the high severity range. The EPSS score is below 1 %, indicating a low exploitation probability, and the flaw is not listed in CISA’s KEV catalog. The attack vector is network‑based over HTTP, with only low privilege required; successful exploitation would grant an attacker unauthorized data access and modification capabilities.
OpenCVE Enrichment