94 matches found
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system, which allows a hacker to trigger a service failure.
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management allows a perpetrator to gain access to read, modify, and delete files.
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker to gain access to read, modify, and delete files...
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools, a resource management system for enterprises, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2025-21538
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...
CVE-2025-21513
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...
CVE-2025-21509
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...
CVE-2025-21514
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...
CVE-2025-21511
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...
CVE-2025-21515
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...
CVE-2025-21507
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...
PT-2024-10307 · Oracle · Jd Edwards Enterpriseone Tools
Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0 Description: The issue is related to the use of open redirection in the Web Runtime SEC component of JD Edwards EnterpriseOne Tools. This allows an unauthenticated attacker with network...
PT-2024-10262 · Oracle · Jd Edwards Enterpriseone Tools
Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0 Description: The issue is related to insufficient input validation in the Web Runtime SEC component. This easily exploitable vulnerability allows an unauthenticated attacker with networ...
PT-2024-10263 · Oracle · Jd Edwards Enterpriseone Tools
Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0 Description: The issue is related to the Web Runtime SEC component and can be easily exploited, allowing an unauthenticated attacker with network access via HTTP to compromise JD Edward...
PT-2024-10265 · Oracle · Jd Edwards Enterpriseone Tools
Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0 Description: The issue allows a low-privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks can result in the unauthorized...
CVE-2024-52587 Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts`
StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under...
CVE-2024-52587
The CVE applies to StepSecurity Harden-Runner. Versions prior to v2.10.2 contain multiple command-injection weaknesses via environment variables in setup.ts and arc-runner.ts, exploitable under specific conditions. However, the documentation notes that due to GitHub Actions pre-step execution ord...
CVE-2024-52587 Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts`
StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under...
CVE-2024-21150
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...
PT-2023-9320 · Oracle · Jd Edwards Enterpriseone Tools
Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.8.2 Description: The issue is related to insufficient input validation in the Web Runtime SEC component. It allows an unauthenticated attacker with network access via HTTP to compromise JD...
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management allows a perpetrator to gain read access to data and modify it.
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves errors in processing input data. Exploiting this vulnerability can allow an attacker to gain read access to data and modify it...