CISA-2025-21552
Reported by oracle · Published January 21, 2025
Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle Corporation | JD Edwards EnterpriseOne Orchestrator | * |
| Oracle Corporation | JD Edwards EnterpriseOne Orchestrator | *, * |
Timeline
- Jan 21, 2025 CVE Published
- Mar 13, 2025 CVE Updated
References
- Oracle Advisory vendor-advisory