cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-21168,https://securityvulnerability.io/vulnerability/CVE-2024-21168,Network Vulnerability in JD Edwards EnterpriseOne Orchestrator by Oracle,"A security vulnerability exists in the JD Edwards EnterpriseOne Orchestrator component of Oracle JD Edwards. This flaw allows low-privileged attackers with network access via HTTP to compromise the Orchestrator, which could lead to unauthorized access to critical enterprise data stored within JD Edwards EnterpriseOne. Supported versions affected by this vulnerability include any version prior to 9.2.8.3. Successful exploitation of this vulnerability could result in significant confidentiality breaches, as attackers may gain complete access to sensitive data managed by the Orchestrator. Organizations using affected versions are advised to apply security updates promptly to mitigate potential risks.",Oracle,Jd Edwards Enterpriseone Orchestrator,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2023-22050,https://securityvulnerability.io/vulnerability/CVE-2023-22050,,"Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).  Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",Oracle,Jd Edwards Enterpriseone Orchestrator,5.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2022-21532,https://securityvulnerability.io/vulnerability/CVE-2022-21532,,Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,Oracle,Jd Edwards Enterpriseone Orchestrator,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2022-07-19T21:07:18.000Z,0
CVE-2021-2052,https://securityvulnerability.io/vulnerability/CVE-2021-2052,,"Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).",Oracle,Jd Edwards Enterpriseone Orchestrator,5.8,MEDIUM,0.0009699999936856329,false,false,false,false,,false,false,2021-01-20T14:50:05.000Z,0