PT-2024-10264 · Oracle · JD Edwards EnterpriseOne Tools

Ahmed Shah +1 · Published 2024-12-25 · Updated 2025-01-21 · CVE-2025-21509

CVSS v2.0

6.8 Medium

Vector AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0

Description

This issue allows an attacker with low privileges and network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of JD Edwards EnterpriseOne Tools. The vulnerability is related to the Web Runtime SEC component and can be exploited to cause a denial of service.

Recommendations

For versions prior to 9.2.9.0, update to version 9.2.9.0 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Fix

Allocation of Resources Without Limits

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-00663
CVE-2025-21509

Affected Products

JD Edwards EnterpriseOne Tools