Oracle JD Edwards EnterpriseOne Tools Object and Environment Tech Vulnerability Allowing Unauthorized Data Access and Modification

A vulnerability has been identified in Oracle JD Edwards EnterpriseOne Tools, specifically in the Object and Environment Tech component. This issue affects supported versions 9.2.0.0 through 9.2.9.4. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Exploitation of this vulnerability requires human interaction from a person other than the attacker. While the vulnerability resides within JD Edwards EnterpriseOne Tools, successful attacks could significantly impact additional products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data, as well as unauthorized update, insert, or delete access to some of the accessible data.

Impact

Successful exploitation allows unauthorized access to read, modify, insert, or delete certain data within JD Edwards EnterpriseOne Tools. Additionally, according to Oracle, this vulnerability could lead to a scope change, impacting other products.