CVE-2023-22055

Summary

CVE-2023-22055 is a newly disclosed vulnerability affecting the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards, specifically the Web Runtime SEC component. This issue, which has a Base Score of 6.1 (Low) according to the Common Vulnerability Scoring System (CVSS), impacts versions prior to 9.2.7.4. An unauthenticated attacker with network access via HTTP can potentially exploit this vulnerability, leading to unauthorized update, insert, or delete access to some data and unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. Although the vulnerability resides in JD Edwards EnterpriseOne Tools, the scope of potential damage may extend to other products as well. Successful exploitation requires human interaction from a person other than the attacker.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.