Impact
The vulnerability resides in the E1 Foundation component of JD Edwards EnterpriseOne General Ledger, enabling an attacker with low privileges and network access via SMB to compromise the system. The flaw permits full control over the application, resulting in a loss of confidentiality, integrity, and availability. The weakness is identified as CWE‑269, reflecting an improper authorization or privilege escalation scenario.
Affected Systems
The affected product is Oracle JD Edwards EnterpriseOne General Ledger, version 9.2. Only this release is known to contain the vulnerability; no other versions are listed as impacted.
Risk and Exploitability
The CVSS base score of 9.9 indicates critical severity, with a low attack complexity but requiring local or network SMB access. The EPSS score of less than 1 % suggests a low probability of exploitation at the time of analysis, and the vulnerability is not currently listed in the CISA KEV catalog. However, the scope change noted in the description means that successful exploitation could also impact additional Oracle products.
OpenCVE Enrichment