Oracle JD Edwards Web Runtime SEC Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the JD Edwards EnterpriseOne Tools product, specifically within the Web Runtime SEC component. This issue affects versions prior to 9.2.9.0. The vulnerability is easily exploitable, allowing a low-privileged attacker with network access via HTTP to disrupt JD Edwards EnterpriseOne Tools. Successful exploitation can lead to a complete hang or a frequently repeatable crash of the application.

Impact

Exploitation of this vulnerability can cause JD Edwards EnterpriseOne Tools to hang or crash, leading to a complete denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle JD Edwards Web Runtime SEC Denial-of-Service Vulnerability

Vulnerability

Impact

Affected Products

Oracle JD Edwards EnterpriseOne Tools

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating