CVE-2020-2733
published 2020-04-15

Priority: P274, severity critical, CVSS 3.1 base score 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: EXPLOIT (public exploit flagged)
EPSS: 18.64% (96.9th percentile)
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected (2 ranges)

Vendor              Product                          Version range   Fixed in
oracle              jd_edwards_enterpriseone_tools
oracle_corporation  jd_edwards_enterpriseone_tools

Detection & IOCs (extracted from sources)

URL:  /manage/fileDownloader?sec=1
Port: 8999
  • Send an unauthenticated HTTP GET request to /manage/fileDownloader?sec=1 and check for the string 'ACHCJK' in the response body, Content-Type header of 'text/plain', and HTTP 200 status code — all three must match to confirm exploitation.
  • Identify exposed JD Edwards EnterpriseOne Tools instances via Shodan by querying for WebLogic Server on port 8999.
  • The vulnerability is exploitable with no authentication (PR:N, UI:N) over HTTP, meaning no credentials or user interaction are required to trigger the vulnerable endpoint.
  • Only version 9.2 of JD Edwards EnterpriseOne Tools is confirmed affected; scope detection efforts accordingly.

CVSS provenance

Source         CVSS version  Score  Severity  Vector
nvd            v3.1          9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd            v3.0          9.8    CRITICAL  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd            v2.0          7.5    HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_oracle                9.8    CRITICAL