Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Package Build SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
References
Link | Resource |
---|---|
https://www.oracle.com/security-alerts/cpujan2024.html | Patch Vendor Advisory |
Configurations
History
20 Jan 2024, 18:31
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* | |
First Time |
Oracle
Oracle jd Edwards Enterpriseone Tools |
|
CWE | NVD-CWE-noinfo | |
References | () https://www.oracle.com/security-alerts/cpujan2024.html - Patch, Vendor Advisory |
16 Jan 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-16 22:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-20957
Mitre link : CVE-2024-20957
CVE.ORG link : CVE-2024-20957
JSON object : View
Products Affected
oracle
- jd_edwards_enterpriseone_tools
CWE