2024-11-29
Vulnerability :
This article describes a critical vulnerability (CVE-2024-20937) in Oracle JD Edwards EnterpriseOne Tools (Monitoring and Diagnostics SEC component). Versions prior to 9.2.8.1 are affected.
Vulnerability Details:
A low-privileged attacker with network access can exploit this vulnerability via HTTP.
Successful exploitation allows unauthorized read access to some JD Edwards EnterpriseOne Tools data.
CVSS v3.1 Base Score: 4.3 (Critical – Confidentiality impact)
CVE Details:
CVE ID: CVE-2024-20937
Published Date: February 16, 2024
Last Modified: November 29, 2024
Platform: JD Edwards EnterpriseOne Tools
Version: Prior to 9.2.8.1
Vulnerability: Information Disclosure
Severity: Critical
Date: February 16, 2024
What Undercode Says:
This critical vulnerability allows attackers to access sensitive data within JD Edwards EnterpriseOne Tools. Upgrading to version 9.2.8.1 or later is crucial to mitigate this risk.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help