CVE-2021-2052

Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Orchestrator versions prior to 9.2.5.1

Description: The issue is related to inadequate access control in the E1 IOT Orchestrator Security component. It allows an unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator, potentially leading to unauthorized read access to a subset of accessible data. The vulnerability may significantly impact additional products.

Recommendations: For versions prior to 9.2.5.1, update to version 9.2.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the E1 IOT Orchestrator Security component to minimize the risk of exploitation.