CVE-2018-2944Corporation JD Edwards Enterpriseone Tools vulnerability

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
2.3%
top 15.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation JD Edwards Enterpriseone ToolsOracle JD Edwards Enterpriseone Tools
Timeline
PublishedJul 18
Latest updateMay 13

Description

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Ba

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-3vjv-rwr9-f593: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics)2022-05-13
CVEList
CVE-2018-2944: Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics)2018-07-18
CVE-2018-2944 — HIGH severity | cvebase