CVE-2018-2947

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Published : 2018-07-18 13:29 Updated : 2019-03-20 19:52

4.0
CVSS Score More info
Score 4.0 / 10
4.0
Vendor Product Version URI
Oracle Jd Edwards Enterpriseone Tools 9.2 cpe:/a:oracle:jd_edwards_enterpriseone_tools:9.2
  1. Oracle (1) Search CVE
    1. Jd Edwards Enterpriseone Tools (1) Search CVE
      1. 9.2

CWE

ID Name Description Links
CWE-284 Improper Access Control The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. CVE

History of changes

Date Event
2019-03-20 19:52
2018-07-28 01:29
2018-07-25 14:55
2018-07-18 13:29

New CVE