Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0836

Severity
3.5 LOW
EPSS
2.5%
top 14.55%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Apr 20
Latest update: May 17

Description

Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote authenticated users to affect integrity, related to Web Runtime SEC.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 6.8 | Impact: 2.9

Affected Packages: 6 packages

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-88wc-387v-hhv7: Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8 | 2022-05-17
CVEList
CVE-2011-0836: Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8 | 2011-04-20

💥 Exploits & PoCs

5
Exploit-DB
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/JASMafletMafBrowserClose.mafService?jdemafjasLinkTarget' Cross-Site Scripting | 2011-04-19
Exploit-DB
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf?jdeowpBackButtonProtect' Cross-Site Scripting | 2011-04-19
Exploit-DB
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/MafletClose.mafService?RENDER_MAFLET' Cross-Site Scripting | 2011-04-19
Exploit-DB
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService?e1.namespace' Cross-Site Scripting | 2011-04-19
Exploit-DB
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService?e1.namespace' Cross-Site Scripting | 2011-04-19

📋 Vendor Advisories

1
Red Hat
kernel: dccp: handle invalid feature options length | 2011-05-06
CVE-2011-0836 (LOW CVSS 3.5) | Unspecified vulnerability in Oracle | cvebase.io