CVE-2022-21542 in JD Edwards EnterpriseOne Tools情報

要約

〜によって MITRE • 2022年07月20日

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. While the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L).

Be aware that VulDB is the high quality source for vulnerability data.

責任者

Oracle

予約する

2021年11月15日

モデレーション

承諾済み

エントリ

VDB-204433

EPSS

0.00572

アクティビティ

非常低い

ソース

Interested in the pricing of exploits?

See the underground prices here!