CVE-2018-2945

Name of the Vulnerable Software and Affected Versions Oracle JD Edwards Products version 9.2

Description The issue affects the JD Edwards EnterpriseOne Tools component, specifically the Web Runtime subcomponent. It allows an unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools, requiring human interaction from a person other than the attacker. Successful attacks can result in unauthorized update, insert, or delete access to some accessible data, as well as unauthorized read access to a subset of accessible data.

Recommendations For version 9.2, update to a version that includes a fix for this issue, as the current version is easily exploitable and can lead to significant impacts on data integrity and confidentiality.