CVE-2022-21532

4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 56.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle JD Edwards Enterpriseone Orchestrator Oracle Corporation JD Edwards Enterpriseone Orchestrator

Timeline

PublishedJul 19

Latest updateJul 20

Description

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 4.…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDoracle/jd_edwards_enterpriseone_orchestrator9.2.6.3

▶CVEListV5oracle_corporation/jd_edwards_enterpriseone_orchestrator9.2.6.3 and prior

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-78ch-pwqc-4pp5: Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator)↗2022-07-20

▶

CVEList

CVE-2022-21532: Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator)↗2022-07-19

▶

📋Vendor Advisories

Oracle

Oracle Oracle JD Edwards Risk Matrix: E1 IOT Orchestrator — CVE-2022-21532↗2022-07-15

▶