Oracle JD Edwards EnterpriseOne Tools Business Logic Infra SEC Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

A vulnerability exists in Oracle JD Edwards EnterpriseOne Tools, specifically in the Business Logic Infra SEC component, affecting versions prior to 9.2.9.0. This vulnerability allows low-privileged attackers with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Exploitation requires human interaction from a third party. While the vulnerability is contained within JD Edwards EnterpriseOne Tools, successful attacks could significantly impact additional products. The vulnerability could lead to unauthorized updates, inserts, or deletions of accessible data within JD Edwards EnterpriseOne Tools, as well as unauthorized read access to certain subsets of that data.

Impact

Exploitation of this vulnerability could result in unauthorized modification or deletion of data within JD Edwards EnterpriseOne Tools, as well as unauthorized access to some of the application's data.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.3

exploitability

4.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.3

exploitability

4.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle JD Edwards EnterpriseOne Tools Business Logic Infra SEC Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

Impact

Affected Products

Oracle JD Edwards EnterpriseOne Tools

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating