Oracle JD Edwards Web Runtime SEC Vulnerability in EnterpriseOne Tools Allowing Data Access and Modification

A vulnerability exists in the JD Edwards EnterpriseOne Tools product, specifically within the Web Runtime SEC component. This issue affects versions prior to 9.2.9.0. The vulnerability allows a low-privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Exploitation of this vulnerability requires human interaction from someone other than the attacker. While the vulnerability is contained within JD Edwards EnterpriseOne Tools, successful attacks could significantly impact additional products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized read access to certain subsets of JD Edwards EnterpriseOne Tools data, as well as unauthorized update, insert, or delete access to other accessible data within the same tools.

Impact

Exploitation allows unauthorized access to read, modify, insert, or delete certain data within JD Edwards EnterpriseOne Tools. Additionally, according to Oracle, successful attacks could impact other products, leading to a scope change.