JD Edwards EnterpriseOne Tools Vulnerability (CVE-2024-20937) – Critical

2024-11-29

Vulnerability :

This article describes a critical vulnerability (CVE-2024-20937) in Oracle JD Edwards EnterpriseOne Tools (Monitoring and Diagnostics SEC component). Versions prior to 9.2.8.1 are affected.

Vulnerability Details:

A low-privileged attacker with network access can exploit this vulnerability via HTTP.
Successful exploitation allows unauthorized read access to some JD Edwards EnterpriseOne Tools data.
CVSS v3.1 Base Score: 4.3 (Critical – Confidentiality impact)

CVE Details:

CVE ID: CVE-2024-20937

Published Date: February 16, 2024

Last Modified: November 29, 2024

Platform: JD Edwards EnterpriseOne Tools
Version: Prior to 9.2.8.1
Vulnerability: Information Disclosure
Severity: Critical
Date: February 16, 2024

What Undercode Says:

This critical vulnerability allows attackers to access sensitive data within JD Edwards EnterpriseOne Tools. Upgrading to version 9.2.8.1 or later is crucial to mitigate this risk.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com

Image Source:

OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.helpFeatured Image

Scroll to Top