CVE-2025-21552

Medium CVSS: 6.5

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Vendor

Oracle

Product

Jd Edwards Enterpriseone Orchestrator

CWE

CWE-1390

Yayın Tarihi

2025-01-21 21:15:21

Güncelleme

2025-06-23 17:50:21

Source Identifier

secalert_us@oracle.com

KEV Date Added

Kategoriler

CWE-1390 Jd Edwards Enterpriseone Orchestrator MEDIUM Oracle 2025

Referanslar

https://www.oracle.com/security-alerts/cpujan2025.html

Benzer Kayıtlar

Critical

CVE-2026-21992

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracl…

Critical

CVE-2026-21994

Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source P…

Medium

CVE-2026-21991

A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.

Medium

CVE-2026-21985

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that a…

High

CVE-2026-21986

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that a…

High

CVE-2026-21987

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that a…