CVE-2016-0422

Severity

71%

Complexity

86%

Confidentiality

115%

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2016-0424.

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2016-0424.

CVSS 2.0 Base Score 7.1. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C).

Overview

Type

Oracle JD Edwards Products

First reported 9 years ago

2016-01-21 02:59:00

Last updated 7 years ago

2018-02-20 02:29:00

Affected Software

Oracle JD Edwards Products 9.1

9.1

Oracle JD Edwards Products 9.2

9.2

References

http://packetstormsecurity.com/files/138507/JD-Edwards-9.1-EnterpriseOne-Server-JDENet-Password-Disclosure.html

20160825 Onapsis Security Advisory ONAPSIS-2016-009: JD Edwards JDENet Password Disclosure

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Vendor Advisory

1034722

https://www.onapsis.com/research/security-advisories/jd-edwards-jdenet-password-disclosure

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.