CVE-2022-21464

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions prior to 9.2.6.3

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of JD Edwards EnterpriseOne Tools and unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. This is due to insufficient input validation in the Business Logic Infra SEC component.

Recommendations For versions prior to 9.2.6.3, update to version 9.2.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Business Logic Infra SEC component to minimize the risk of exploitation. Avoid using HTTP requests that may trigger the vulnerability until the issue is resolved.