Volerion logoVolerion
Volerion logoVolerion

Oracle JD Edwards EnterpriseOne Tools Web Runtime SEC Vulnerability Allowing Data Access and Modification

Vulnerability

A vulnerability has been identified in the JD Edwards EnterpriseOne Tools product, specifically in the Web Runtime SEC component. This issue affects versions 9.2.0.0 through 9.2.9.4. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Exploitation of this vulnerability requires human interaction from a person other than the attacker. While the vulnerability resides within JD Edwards EnterpriseOne Tools, successful attacks could significantly impact additional products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data, as well as unauthorized update, insert, or delete access to some of the accessible data.

Impact

Successful exploitation allows unauthorized access to read, modify, insert, or delete certain data within JD Edwards EnterpriseOne Tools.

Added: Oct 21, 2025, 9:41 PM
Updated: Oct 21, 2025, 9:41 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
1.3
exploitability
6.0
remediation
0.0
relevance
0.8
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.