CVE-2024-21168

Summary

CVE-2024-21168 is a newly identified vulnerability affecting the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards. Versions prior to 9.2.8.3 are susceptible to this easily exploitable issue. A low privileged attacker with network access via HTTP can leverage this flaw to gain unauthorized access to critical data or take full control of all JD Edwards EnterpriseOne Orchestrator data. The Confidentiality impact of this vulnerability is high, with a CVSS 3.1 Base Score of 6.5. This vulnerability can be exploited without user interaction or user awareness, making it a significant security concern.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.