CVE-2024-21150

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 16, 2024
Updated: Jul 17, 2024

Summary

CVE-2024-21150 is a vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Affected versions are those prior to 9.2.8.2. The issue allows an unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker, and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. The consequences of a successful attack include unauthorized update, insert or delete access to some data and unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. The CVSS Base Score is 6.1, reflecting Confidentiality and Integrity impacts. The attack vector is network (AV:N), the attack complexity is low (AC:L), and no privileges are required (PR:N). User interaction is required (UI:R), the scope is changed (S:C), which corresponds to the possible impact on additional products, and Confidentiality and Integrity are each affected with low impact (C:L, I:L).
