cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-21552,https://securityvulnerability.io/vulnerability/CVE-2025-21552,Vulnerability in JD Edwards EnterpriseOne Orchestrator by Oracle,"A vulnerability exists in the JD Edwards EnterpriseOne Orchestrator, enabling low privileged attackers with network access through HTTP to exploit the system. Affected versions prior to 9.2.9.2 could allow unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. This poses a significant risk to the confidentiality of sensitive information.",Oracle,Jd Edwards Enterpriseone Orchestrator,6.5,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:16.924Z,0
CVE-2025-21538,https://securityvulnerability.io/vulnerability/CVE-2025-21538,Unauthenticated Vulnerability in JD Edwards EnterpriseOne Tools by Oracle,"The JD Edwards EnterpriseOne Tools product from Oracle is susceptible to an unauthenticated vulnerability that allows remote attackers with network access to exploit the system via HTTP. This flaw, impacting versions prior to 9.2.9.2, can lead to unauthorized modifications to accessible data, including updates and deletions, contingent on human interaction from a third-party user. Additionally, it allows unauthorized reading of certain data sets, demonstrating potential significant repercussions on additional products linked to JD Edwards EnterpriseOne Tools. Administrators are recommended to apply necessary patches to mitigate the risks associated with this vulnerability.",Oracle,Jd Edwards Enterpriseone Tools,6.1,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:11.546Z,0
CVE-2025-21527,https://securityvulnerability.io/vulnerability/CVE-2025-21527,Unauthenticated Network Access Vulnerability in JD Edwards EnterpriseOne Tools by Oracle,"A vulnerability exists in JD Edwards EnterpriseOne Tools from Oracle, specifically in the Design Tools SEC component, which affects versions prior to 9.2.9.0. This flaw allows an unauthenticated attacker with network access via HTTP to compromise the system. While the attack requires human interaction, successful exploitation can lead to unauthorized modifications, including insertions and deletions of data, and unauthorized reading of some accessible data. The impact of this vulnerability is significant, potentially affecting additional products associated with JD Edwards EnterpriseOne Tools.",Oracle,Jd Edwards Enterpriseone Tools,6.1,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:07.079Z,0
CVE-2025-21524,https://securityvulnerability.io/vulnerability/CVE-2025-21524,Unauthenticated Remote Code Execution in JD Edwards EnterpriseOne Tools from Oracle,"A significant vulnerability exists in Oracle's JD Edwards EnterpriseOne Tools, specifically concerning its Monitoring and Diagnostics SEC component. This vulnerability allows an unauthenticated attacker with network access through HTTP to potentially compromise the system. If exploited, attackers can gain control of JD Edwards EnterpriseOne Tools, posing serious risks to data confidentiality, integrity, and availability. The affected versions are those prior to 9.2.9.0. Organizations using this software should review their security posture and apply necessary updates to mitigate risks.",Oracle,Jd Edwards Enterpriseone Tools,9.8,CRITICAL,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:05.881Z,0
CVE-2025-21517,https://securityvulnerability.io/vulnerability/CVE-2025-21517,Web Runtime Security Flaw in Oracle JD Edwards EnterpriseOne Tools,"An exploitable vulnerability exists in the Web Runtime component of Oracle's JD Edwards EnterpriseOne Tools. This security flaw affects all supported versions prior to 9.2.9.0. A low-privileged attacker with network access via HTTP can leverage this vulnerability to execute unauthorized actions, such as updates, inserts, or deletions of data within the JD Edwards system. The vulnerability presents significant risks by compromising data integrity, creating the potential for unauthorized manipulation of crucial enterprise information.",Oracle,Jd Edwards Enterpriseone Tools,4.3,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:02.910Z,0
CVE-2025-21515,https://securityvulnerability.io/vulnerability/CVE-2025-21515,Critical Vulnerability in JD Edwards EnterpriseOne Tools by Oracle,"This vulnerability affects Oracle's JD Edwards EnterpriseOne Tools, specifically the Web Runtime SEC component. When exploited, it allows low-privileged attackers with network access via HTTP to take control of the JD Edwards EnterpriseOne Tools software. All versions prior to 9.2.9.0 are at risk, making it crucial for organizations using this software to assess their exposure and promptly implement security updates.",Oracle,Jd Edwards Enterpriseone Tools,8.8,HIGH,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:01.910Z,0
CVE-2025-21514,https://securityvulnerability.io/vulnerability/CVE-2025-21514,Unauthenticated Network Access Vulnerability in JD Edwards EnterpriseOne Tools by Oracle,"A significant vulnerability exists in the JD Edwards EnterpriseOne Tools product from Oracle, specifically in the Web Runtime SEC component. This vulnerability, present in versions prior to 9.2.9.0, permits unauthenticated attackers with network access through HTTP to exploit the system. Successful exploitation may lead to unauthorized read access to sensitive data within the JD Edwards EnterpriseOne Tools, raising serious security concerns for organizations relying on this software for operational functionality.",Oracle,Jd Edwards Enterpriseone Tools,5.3,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:01.364Z,0
CVE-2025-21513,https://securityvulnerability.io/vulnerability/CVE-2025-21513,Unauthorized Access Flaw in Oracle JD Edwards EnterpriseOne Tools,"A vulnerability exists in the JD Edwards EnterpriseOne Tools product from Oracle that allows unauthenticated attackers with network access to potentially compromise the system. This flaw affects supported versions prior to 9.2.9.0, enabling attackers to execute unauthorized updates, inserts, or deletions of data. Furthermore, it can grant unauthorized read access to certain data sets, significantly impacting the confidentiality and integrity of accessible information. It is crucial for users to be aware of this vulnerability, as it necessitates user interaction from a third party to exploit, which can lead to serious ramifications across interlinked Oracle products.",Oracle,Jd Edwards Enterpriseone Tools,6.1,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:00.965Z,0
CVE-2025-21512,https://securityvulnerability.io/vulnerability/CVE-2025-21512,Web Runtime Security Vulnerability in JD Edwards EnterpriseOne Tools by Oracle,"A vulnerability in the Web Runtime Security component of JD Edwards EnterpriseOne Tools allows unauthenticated network attackers to exploit the system. Successful exploitation requires user interaction, enabling unauthorized access to update, insert, or delete critical data. This vulnerability primarily affects versions before 9.2.9.0, posing significant risks not only to JD Edwards EnterpriseOne Tools but potentially impacting additional associated products. Security measures and updates are essential to mitigate the risks associated with this vulnerability.",Oracle,Jd Edwards Enterpriseone Tools,6.1,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:00.554Z,0
CVE-2025-21511,https://securityvulnerability.io/vulnerability/CVE-2025-21511,Unauthorized Access Vulnerability in Oracle JD Edwards EnterpriseOne Tools,"A vulnerability exists in Oracle JD Edwards EnterpriseOne Tools, specifically within the Web Runtime SEC component. This weakness allows unauthenticated attackers with network access via HTTP to gain unauthorized access to sensitive data. If exploited, it could lead to significant data breaches, granting an attacker complete control over the accessible data for JD Edwards EnterpriseOne Tools. It is crucial for organizations using affected versions prior to 9.2.9.0 to take preventive measures against potential exploitation.",Oracle,Jd Edwards Enterpriseone Tools,7.5,HIGH,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:00.184Z,0
CVE-2025-21510,https://securityvulnerability.io/vulnerability/CVE-2025-21510,Web Runtime Security Flaw in JD Edwards EnterpriseOne Tools by Oracle,"An exploitable security vulnerability exists in JD Edwards EnterpriseOne Tools, specifically affecting versions prior to 9.2.9.0. This flaw allows unauthenticated attackers with network access via HTTP to gain unauthorized access to sensitive data. Successful exploitation could lead to complete access to all information within the JD Edwards EnterpriseOne Tools environment, compromising the integrity and confidentiality of critical data assets.",Oracle,Jd Edwards Enterpriseone Tools,7.5,HIGH,0.01,false,false,false,false,false,false,false,2025-01-21T20:52:59.628Z,0
CVE-2025-21509,https://securityvulnerability.io/vulnerability/CVE-2025-21509,Denial of Service Vulnerability in JD Edwards EnterpriseOne Tools by Oracle,"A vulnerability exists in JD Edwards EnterpriseOne Tools, specifically in the Web Runtime SEC component, that allows low-privileged attackers with network access via HTTP to disrupt the service. Exploiting this issue can lead to unauthorized sessions that result in system hangs or repeatable crashes, effectively causing a Denial of Service condition. Organizations using unsupported versions prior to 9.2.9.0 are particularly at risk and should take immediate action to mitigate potential threats.",Oracle,Jd Edwards Enterpriseone Tools,6.5,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:52:59.193Z,0
CVE-2025-21508,https://securityvulnerability.io/vulnerability/CVE-2025-21508,Denial of Service Vulnerability in JD Edwards EnterpriseOne Tools by Oracle,"A vulnerability exists in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards, allowing low-privileged attackers with network access via HTTP to compromise the system. Affected versions prior to 9.2.9.0 may experience frequent crashes or a complete denial of service, making the application unreliable for users. The implications of this vulnerability underline the necessity for timely updates and security measures to safeguard operational integrity.",Oracle,Jd Edwards Enterpriseone Tools,6.5,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:52:58.801Z,0
CVE-2025-21507,https://securityvulnerability.io/vulnerability/CVE-2025-21507,Vulnerability in JD Edwards EnterpriseOne Tools by Oracle,"A vulnerability exists in the JD Edwards EnterpriseOne Tools product from Oracle, specifically in the Web Runtime component. This security flaw allows low-privileged attackers with network access to compromise the application via HTTP. Exploitation requires human interaction from a user other than the attacker, revealing a nuanced attack vector. Although primarily impacting JD Edwards EnterpriseOne Tools, successful attacks can have broader implications on associated products. The vulnerability can lead to unauthorized data manipulation, including update, insert, or delete operations, as well as unauthorized access to certain data within the system.",Oracle,Jd Edwards Enterpriseone Tools,5.4,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:52:58.425Z,0
CVE-2024-21245,https://securityvulnerability.io/vulnerability/CVE-2024-21245,Vulnerability in JD Edwards EnterpriseOne Tools by Oracle,"A vulnerability exists in Oracle's JD Edwards EnterpriseOne Tools affecting versions prior to 9.2.9.0. It allows low privilege attackers with HTTP network access to successfully exploit the system, provided human interaction occurs. While the vulnerability is specific to JD Edwards EnterpriseOne Tools, the implications of successful exploitation may extend to additional components. Attackers can achieve unauthorized updates, inserts, or deletions of data, as well as unauthorized read access to certain sensitive information within the JD Edwards ecosystem.",Oracle,Jd Edwards Enterpriseone Tools,5.4,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:52:45.397Z,0
CVE-2024-21150,https://securityvulnerability.io/vulnerability/CVE-2024-21150,Unauthorized Access to Sensitive Data via HTTP,"A significant vulnerability exists within the JD Edwards EnterpriseOne Tools product, specifically affecting the Web Runtime component. This issue allows an unauthenticated attacker with network access through HTTP to compromise the functionality of JD Edwards EnterpriseOne Tools. Successful exploitation requires human interaction from a third party, escalating the potential risk of unauthorized access. While the flaw is specifically within the JD Edwards EnterpriseOne Tools, the implications can extend to other intertwined products, suggesting a broader impact. The vulnerability can lead to unauthorized updates, inserts, or deletions of accessible data, as well as unauthorized reading of certain data sets, compromising both confidentiality and integrity of sensitive information.",Oracle,Jd Edwards Enterpriseone Tools,6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-21168,https://securityvulnerability.io/vulnerability/CVE-2024-21168,Network Vulnerability in JD Edwards EnterpriseOne Orchestrator by Oracle,"A security vulnerability exists in the JD Edwards EnterpriseOne Orchestrator component of Oracle JD Edwards. This flaw allows low-privileged attackers with network access via HTTP to compromise the Orchestrator, which could lead to unauthorized access to critical enterprise data stored within JD Edwards EnterpriseOne. Supported versions affected by this vulnerability include any version prior to 9.2.8.3. Successful exploitation of this vulnerability could result in significant confidentiality breaches, as attackers may gain complete access to sensitive data managed by the Orchestrator. Organizations using affected versions are advised to apply security updates promptly to mitigate potential risks.",Oracle,Jd Edwards Enterpriseone Orchestrator,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-20905,https://securityvulnerability.io/vulnerability/CVE-2024-20905,JD Edwards EnterpriseOne Tools Vulnerability Could Lead to Partial Denial of Service,Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).,Oracle,Jd Edwards Enterpriseone Tools,2.7,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T02:15:00.000Z,0
CVE-2024-20937,https://securityvulnerability.io/vulnerability/CVE-2024-20937,JD Edwards EnterpriseOne Tools Vulnerability,Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,Oracle,JD Edwards EnterpriseOne Tools,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T01:50:13.991Z,0
CVE-2024-20957,https://securityvulnerability.io/vulnerability/CVE-2024-20957,Vulnerability in JD Edwards EnterpriseOne Tools by Oracle,"A security vulnerability has been identified in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards, affecting all versions prior to 9.2.8.1. This vulnerability is easily exploitable by attackers with high privileges and network access through JDENET, enabling them to compromise the EnterpriseOne Tools environment. If successfully exploited, this flaw could allow the attacker to partially disrupt the availability of the JD Edwards EnterpriseOne Tools, leading to a risk of service interruption. It is crucial for organizations using the affected software to evaluate their security posture and implement necessary patches.",Oracle,JD Edwards EnterpriseOne Tools,2.7,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-01-16T21:41:21.266Z,0
CVE-2023-22050,https://securityvulnerability.io/vulnerability/CVE-2023-22050,,"Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",Oracle,Jd Edwards Enterpriseone Orchestrator,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-22055,https://securityvulnerability.io/vulnerability/CVE-2023-22055,,"Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Jd Edwards Enterpriseone Tools,6.1,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-21936,https://securityvulnerability.io/vulnerability/CVE-2023-21936,,"Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Jd Edwards Enterpriseone Tools,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-04-18T20:15:00.000Z,0
CVE-2023-21927,https://securityvulnerability.io/vulnerability/CVE-2023-21927,,Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,Oracle,Jd Edwards Enterpriseone Tools,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-04-18T20:15:00.000Z,0
CVE-2022-21629,https://securityvulnerability.io/vulnerability/CVE-2022-21629,,"Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Jd Edwards Enterpriseone Tools,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2022-10-18T00:00:00.000Z,0