Oracle JD Edwards EnterpriseOne Tools vulnerabilities
150 known vulnerabilities affecting oracle/jd_edwards_enterpriseone_tools.
Total CVEs: 150
CISA KEV: 2 (actively exploited)
Public exploits: 10
Exploited in wild: 3
Severity breakdown
CRITICAL 18, HIGH 53, MEDIUM 77, LOW 2
Vulnerabilities
Page 2 of 8
CVE-2025-21538 | MEDIUM | CVSS 6.1 | CWE-352 | fixed in 9.2.9.2 | 2025-01-21
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interact
nvd
CVE-2024-21150 | MEDIUM | CVSS 6.1 | CWE-284 | fixed in 9.2.8.2 | 2024-07-16
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interact
nvd
CVE-2024-20937 | MEDIUM | CVSS 4.3 | CWE-200 | fixed in 9.2.8.1 | 2024-02-17
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this
nvd
CVE-2024-20905 | LOW | CVSS 2.7 | CWE-404 | fixed in 9.2.8.0 | 2024-02-17
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this v
nvd
CVE-2024-20957 | LOW | CVSS 2.7 | fixed in 9.2.8.1 | 2024-01-16
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Package Build SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can res
nvd
CVE-2023-22055 | MEDIUM | CVSS 6.1 | fixed in 9.2.7.4 | 2023-07-18
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from
nvd
CVE-2023-21927 | MEDIUM | CVSS 4.3 | fixed in 9.2.7.3 | 2023-04-18
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can
nvd
CVE-2023-21936 | MEDIUM | CVSS 5.4 | fixed in 9.2.7.3 | 2023-04-18
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from
nvd
CVE-2022-21629 | MEDIUM | CVSS 5.4 | ≤ 9.2.6.4 | 2022-10-18
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from
nvd
CVE-2022-21631 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 9.2.6.4 | 2022-10-18
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interact
nvd
CVE-2022-21630 | MEDIUM | CVSS 6.1 | ≤ 9.2.6.4 | 2022-10-18
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction fro
nvd
CVE-2022-21542 | HIGH | CVSS 7.4 | ≤ 9.2.6.3 | 2022-07-19
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. While the vulnerability is in JD Edwards EnterpriseOne
nvd
CVE-2022-21561 | MEDIUM | CVSS 6.5 | ≤ 9.2.6.3 | 2022-07-19
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result i
nvd
CVE-2022-21464 | HIGH | CVSS 8.2 | ≥ 9.2.0.0, ≤ 9.2.6.3 | 2022-04-19
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). The supported version that is affected is Prior to 9.2.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability
nvd
CVE-2022-21409 | MEDIUM | CVSS 6.1 | fixed in 9.2.6.3 | 2022-04-19
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). The supported version that is affected is Prior to 9.2.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a
nvd
CVE-2021-4160 | MEDIUM | CVSS 5.9 | v9.2.6.3 | 2022-01-28
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this de
nvd
CVE-2021-41182 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 9.2.6.3 | 2021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not acc
nvd
CVE-2021-41183 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 9.2.6.3 | 2021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is
nvd
CVE-2021-41184 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 9.2.6.3 | 2021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the val
nvd
CVE-2021-42013 | CRITICAL | CVSS 9.8 | KEV | PoC | fixed in 9.2.6.0 | 2021-10-07
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succe
nvd