CVE-2025-30760Improper Access Control in Corporation JD Edwards Enterpriseone Tools

CWE-284Improper Access Control4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 79.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation JD Edwards Enterpriseone ToolsOracle JD Edwards Enterpriseone Tools
Timeline
PublishedJul 15

Description

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read acces

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDoracle/jd_edwards_enterpriseone_tools9.2.0.09.2.9.3

Patches

Patch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-mh3h-2g7j-39w4: Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC)2025-07-15
CVEList
CVE-2025-30760: Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC)2025-07-15

📋Vendor Advisories

1
Oracle
Oracle Oracle JD Edwards Risk Matrix: Web Runtime SEC — CVE-2025-307602025-07-15
CVE-2025-30760 — Improper Access Control | cvebase