VDB

CISA-2025-21552

CISA-2025-21552 PUBLISHED CVSS 6.5 MEDIUM

Reported by oracle · Published January 21, 2025

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Oracle CorporationJD Edwards EnterpriseOne Orchestrator*
Oracle CorporationJD Edwards EnterpriseOne Orchestrator*, *

Timeline

  • Jan 21, 2025 CVE Published
  • Mar 13, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›