CVE-2024-21245

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 21, 2025

Summary

CVE-2024-21245 is a vulnerability in the Business Logic Infra SEC component of Oracle JD Edwards EnterpriseOne Tools, affecting versions prior to 9.2.9.0. It has a CVSS 3.1 base score of 5.4 and is easily exploitable by a low-privileged attacker with network access via HTTP. Successful attacks require human interaction and may significantly impact other products. A successful exploit can result in unauthorized update, insert, or delete access to some JD Edwards EnterpriseOne Tools data and unauthorized read access to a subset of data. Attackers can use this vulnerability to compromise JD Edwards EnterpriseOne Tools, potentially affecting confidentiality and integrity.


Affected Products

  • Oracle JD Edwards EnterpriseOne Tools

Affected Vendors

  • BonqDAO