CVE-2024-21245
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-21245 is a vulnerability affecting Oracle JD Edwards EnterpriseOne Tools (Business Logic Infra SEC) prior to version 9.2.9.0. This vulnerability, which has a base score of 5.4 in CVSS 3.1, is easily exploitable by a low-privileged attacker with network access via HTTP. Successful attacks require human interaction and may significantly impact other products. The consequences of a successful exploit include unauthorized update, insert, or delete access to some JD Edwards EnterpriseOne Tools data and unauthorized read access to a subset of data. Attackers can take advantage of this vulnerability to compromise JD Edwards EnterpriseOne Tools, potentially leading to confidentiality and integrity issues.
Affected Products
- Oracle JD Edwards EnterpriseOne Tools
Affected Vendors
- BonqDAO