PT-2024-10265 · Oracle · JD Edwards EnterpriseOne Tools

Ahmed Shah +1 · Published 2024-12-25 · Updated 2025-01-22 · CVE-2025-21508

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0

Description

The issue allows a low-privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of JD Edwards EnterpriseOne Tools.

Recommendations

For versions prior to 9.2.9.0, update to version 9.2.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Web Runtime SEC component to minimize the risk of exploitation.

Fix

Allocation of Resources Without Limits

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-00666
CVE-2025-21508

Affected Products

JD Edwards EnterpriseOne Tools