CVE-2024-21150
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-21150 is a vulnerability affecting the JD Edwards EnterpriseOne Tools product in Oracle JD Edwards (Web Runtime SEC component). Affected versions are prior to 9.2.8.2. This issue allows unauthenticated attackers, with network access via HTTP, to exploit the vulnerability and compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction and may significantly impact additional products. The consequences of a successful attack include unauthorized update, insert or delete access to some data and unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. The CVSS Base Score is 6.1 for Confidentiality and Integrity impacts. The attack vector is network (AV:N), the attack complexity is low (AC:L), and the privilege required is none (PR:N). The user interaction is required (UI:R), the scope is limited to the affected system (S:C), and the Confidentiality and Integrity are affected with low impact (C:L, I:L).
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- BonqDAO