Code injection

2016-01-2102:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.3%

JSON

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2016-0422.

CPENameOperatorVersion
jd_edwards_productseq9.2
jd_edwards_productseq9.1

CPE	Name	Operator	Version
	jd_edwards_products	eq	9.2
	jd_edwards_products	eq	9.1

References

packetstormsecurity.com/files/138510/JD-Edwards-9.1-EnterpriseOne-Server-Denial-Of-Service.html

seclists.org/fulldisclosure/2016/Aug/127

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.securitytracker.com/id/1034722

www.onapsis.com/research/security-advisories/jd-edwards-jdenet-type-8-dos