Oracle JD Edwards EnterpriseOne Orchestrator Vulnerability in E1 IOT Orchestrator Security Allowing Unauthorized Data Access

Vulnerability

A vulnerability exists in Oracle JD Edwards EnterpriseOne Orchestrator, specifically in the E1 IOT Orchestrator Security component, affecting versions prior to 9.2.9.2. This easily exploitable vulnerability allows low-privileged attackers with network access via HTTP to compromise the Orchestrator. Successful exploitation can lead to unauthorized access to critical data or complete access to all data accessible through JD Edwards EnterpriseOne Orchestrator.

Impact

Exploitation of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle JD Edwards EnterpriseOne Orchestrator Vulnerability in E1 IOT Orchestrator Security Allowing Unauthorized Data Access

Vulnerability

Impact

Affected Products

Oracle JD Edwards EnterpriseOne Orchestrator

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating