Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.8.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
History

Thu, 05 Dec 2024 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Oracle
Oracle jd Edwards Enterpriseone Orchestrator
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle jd Edwards Enterpriseone Orchestrator

Wed, 06 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2024-07-16T22:40:06.430Z

Updated: 2024-11-06T20:12:27.651Z

Reserved: 2023-12-07T22:28:10.686Z

Link: CVE-2024-21168

cve-icon Vulnrichment

Updated: 2024-08-01T22:13:42.794Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-16T23:15:20.253

Modified: 2024-12-05T21:40:25.147

Link: CVE-2024-21168

cve-icon Redhat

No data.