HTTP: Oracle JD Edwards EnterpriseOne account takeover

This signature detects attempts to exploit a known vulnerability against Oracle JD Edwards EnterpriseOne. A successful attack can lead to sensitive information disclosure.

Extended Description

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected Products

Oracle jd_edwards_enterpriseone_tools

References

CVE: CVE-2020-2733

Short Name: HTTP:ORACLE:ORACLE-JD-EDWARDS
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: CVE-2020-2733 Edwards EnterpriseOne JD Oracle account takeover
Release Date: 11/16/2022
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3546
False Positive: Unknown
Vendors

Oracle

CVSS Score

7.5
