Lucene search

Jd Edwards Enterpriseone Tools Security Vulnerabilities - April 2020

cve

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patch...

6.9CVSS

6.8AI Score

0.023EPSS

2020-04-29 09:15 PM

5502

In Wild

cve

CVE-2020-11619

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).

8.1CVSS

8AI Score

0.05EPSS

2020-04-07 11:15 PM

183

cve

CVE-2020-11620

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).

8.1CVSS

8AI Score

0.043EPSS

2020-04-07 11:15 PM

126

cve

CVE-2020-2733

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

9.8CVSS

9.1AI Score

0.348EPSS

2020-04-15 02:15 PM