CVE-2020-2733

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools version 9.2

Description The issue is related to inadequate access control in the Monitoring and Diagnostics component of JD Edwards EnterpriseOne Tools, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks can result in the takeover of JD Edwards EnterpriseOne Tools.

Recommendations For version 9.2, consider restricting access to the Monitoring and Diagnostics component until a patch is available. As a temporary workaround, consider disabling the use of HTTP protocol for the affected component to minimize the risk of exploitation. Avoid using the affected component for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.