PT-2018-1411 · Oracle · Jd Edwards Enterpriseone Tools

Published

2018-07-17

Updated

2019-10-03

CVE-2018-2944

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools version 9.2

Description The issue is related to inadequate access control in the Monitoring and Diagnostics component of JD Edwards EnterpriseOne Tools, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to critical data or complete access to all accessible data in JD Edwards EnterpriseOne Tools.

Recommendations For version 9.2, apply the necessary security patches or updates to fix the access control issue in the Monitoring and Diagnostics component. As a temporary workaround, consider restricting access to the Monitoring and Diagnostics component until a patch is available.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2018-00960

CVE-2018-2944

Affected Products

Jd Edwards Enterpriseone Tools

PT-2018-1411 · Oracle · Jd Edwards Enterpriseone Tools

CVE-2018-2944

Weakness Enumeration

Related Identifiers

Affected Products

References · 6