CVE-2025-30740Improper Access Control in Corporation JD Edwards Enterpriseone Tools

CWE-284Improper Access Control4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 46.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation JD Edwards Enterpriseone ToolsOracle JD Edwards Enterpriseone Tools
Timeline
PublishedApr 15

Description

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.5 (C

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDoracle/jd_edwards_enterpriseone_tools9.2.0.09.2.9.2

Patches

Patch: www.oracle.com

🔴Vulnerability Details

2
CVEList
CVE-2025-30740: Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC)2025-04-15
GHSA
GHSA-r2hv-pfm6-9m75: Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC)2025-04-15

📋Vendor Advisories

1
Oracle
Oracle Oracle JD Edwards Risk Matrix: Web Runtime SEC — CVE-2025-307402025-04-15
CVE-2025-30740 — Improper Access Control | cvebase