Lucene search
94 matches found

BDU FSTEC
added 2025/01/24 12:0 a.m. · 5 views

The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system, which allows a hacker to trigger a service failure.

The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVSS 6.8 · AI score 7.7 · EPSS 0.00661
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2025/01/24 12:0 a.m. · 7 views

The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management allows a perpetrator to gain access to read, modify, and delete files.

The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker to gain access to read, modify, and delete files...

CVSS 4.3 · AI score 7.7 · EPSS 0.0039
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2025/01/24 12:0 a.m. · 5 views

The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools, a resource management system for enterprises, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...

CVSS 5.3 · AI score 7.7 · EPSS 0.00477
Exploits 0 · References 3 · Affected Software 1

OSV
added 2025/01/21 9:15 p.m. · 5 views

CVE-2025-21538

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVSS 6.1 · AI score 5.8 · EPSS 0.00182
Exploits 0 · References 1

OSV
added 2025/01/21 9:15 p.m. · 5 views

CVE-2025-21513

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVSS 6.1 · AI score 5.8 · EPSS 0.00193
Exploits 0 · References 1

OSV
added 2025/01/21 9:15 p.m. · 5 views

CVE-2025-21509

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

CVSS 6.5 · AI score 5.8 · EPSS 0.00661
Exploits 0 · References 1

OSV
added 2025/01/21 9:15 p.m. · 5 views

CVE-2025-21514

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVSS 5.3 · AI score 5.8 · EPSS 0.00477
Exploits 0 · References 1

OSV
added 2025/01/21 9:15 p.m. · 2 views

CVE-2025-21511

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVSS 7.5 · AI score 7.3
Exploits 0 · References 1

ATTACKERKB
added 2025/01/21 9:15 p.m. · 2 views

CVE-2025-21515

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

CVSS 8.8 · AI score 7.3 · EPSS 0.00642
Exploits 0 · References 2

NVD
added 2025/01/21 9:15 p.m. · 8 views

CVE-2025-21507

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

CVSS 5.4 · EPSS 0.00187
Exploits 0 · References 1

Positive Technologies
added 2024/12/25 12:0 a.m. · 5 views

PT-2024-10307 · Oracle · Jd Edwards Enterpriseone Tools

Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0 Description: The issue is related to the use of open redirection in the Web Runtime SEC component of JD Edwards EnterpriseOne Tools. This allows an unauthenticated attacker with network...

CVSS 6.4 · AI score 8.2 · EPSS 0.00369
Exploits 0 · References 6

Positive Technologies
added 2024/12/25 12:0 a.m. · 7 views

PT-2024-10262 · Oracle · Jd Edwards Enterpriseone Tools

Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0 Description: The issue is related to insufficient input validation in the Web Runtime SEC component. This easily exploitable vulnerability allows an unauthenticated attacker with networ...

CVSS 5.3 · AI score 8.3 · EPSS 0.00477
Exploits 0 · References 6

Positive Technologies
added 2024/12/25 12:0 a.m. · 5 views

PT-2024-10263 · Oracle · Jd Edwards Enterpriseone Tools

Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0 Description: The issue is related to the Web Runtime SEC component and can be easily exploited, allowing an unauthenticated attacker with network access via HTTP to compromise JD Edward...

CVSS 6.8 · AI score 7.7 · EPSS 0.00193
Exploits 0 · References 5

Positive Technologies
added 2024/12/25 12:0 a.m. · 6 views

PT-2024-10265 · Oracle · Jd Edwards Enterpriseone Tools

Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0 Description: The issue allows a low-privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks can result in the unauthorized...

CVSS 6.8 · AI score 9.2 · EPSS 0.00661
Exploits 0 · References 5

Vulnrichment
added 2024/11/18 10:3 p.m. · 14 views

CVE-2024-52587 Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts`

StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under...

CVSS 6.9 · AI score 7.5 · EPSS 0.02684
Exploits 0 · References 8

CVE
added 2024/11/18 10:3 p.m. · 63 views

CVE-2024-52587

The CVE applies to StepSecurity Harden-Runner. Versions prior to v2.10.2 contain multiple command-injection weaknesses via environment variables in setup.ts and arc-runner.ts, exploitable under specific conditions. However, the documentation notes that due to GitHub Actions pre-step execution ord...

CVSS 8.8 · AI score 9 · EPSS 0.02684
Exploits 0 · References 8

Cvelist
added 2024/11/18 10:3 p.m. · 23 views

CVE-2024-52587 Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts`

StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under...

CVSS 6.9 · EPSS 0.02684
Exploits 0 · References 8

OSV
added 2024/07/16 11:15 p.m. · 7 views

CVE-2024-21150

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVSS 6.1 · AI score 7.3 · EPSS 0.00309
Exploits 0 · References 1

Positive Technologies
added 2023/12/07 12:0 a.m. · 7 views

PT-2023-9320 · Oracle · Jd Edwards Enterpriseone Tools

Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.8.2 Description: The issue is related to insufficient input validation in the Web Runtime SEC component. It allows an unauthenticated attacker with network access via HTTP to compromise JD...

CVSS 6.4 · AI score 7.2 · EPSS 0.00309
Exploits 0 · References 4

BDU FSTEC
added 2023/07/28 12:0 a.m. · 5 views

The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management allows a perpetrator to gain read access to data and modify it.

The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves errors in processing input data. Exploiting this vulnerability can allow an attacker to gain read access to data and modify it...

CVSS 6.4 · AI score 6.8 · EPSS 0.00327
Exploits 0 · References 4 · Affected Software 1