Volerion logoVolerion
Volerion logoVolerion

Oracle JD Edwards Web Runtime SEC Unauthenticated Data Access Vulnerability

Vulnerability

A vulnerability exists in the JD Edwards EnterpriseOne Tools product, specifically in the Web Runtime SEC component. It affects versions 9.2.0.0 through 9.2.26.0. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Exploitation of this vulnerability requires human interaction from a third party. While the issue is contained within JD Edwards EnterpriseOne Tools, successful attacks could significantly impact additional products. The vulnerability allows unauthorized update, insert, or delete access to some accessible data within JD Edwards EnterpriseOne Tools, as well as unauthorized read access to a subset of the same data.

Impact

Exploitation of this vulnerability could lead to unauthorized access and modification of data within JD Edwards EnterpriseOne Tools, including the ability to read, update, insert, or delete certain accessible data. Additionally, according to Oracle, successful exploitation could allow for a scope change, impacting other products.

Added: Jan 20, 2026, 11:08 PM
Updated: Jan 20, 2026, 11:08 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
3.1
exploitability
5.8
remediation
0.0
relevance
2.2
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.