cvelistv5 - cve-2021-2052

CVE-2021-2052 (GCVE-0-2021-2052)

Vulnerability from cvelistv5 – Published: 2021-01-20 14:50 – Updated: 2024-09-26 18:34

Summary

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).

Severity ?

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.

Assigner

oracle

References

URL

Tags

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Oracle Corporation	JD Edwards EnterpriseOne Orchestrator	Affected: unspecified , < 9.2.5.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:32:02.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-2052",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T18:13:26.130883Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T18:34:04.659Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "JD Edwards EnterpriseOne Orchestrator",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThan": "9.2.5.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-20T14:50:05",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2021-2052",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JD Edwards EnterpriseOne Orchestrator",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "9.2.5.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.8",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-2052",
    "datePublished": "2021-01-20T14:50:05",
    "dateReserved": "2020-12-09T00:00:00",
    "dateUpdated": "2024-09-26T18:34:04.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.2.5.1\", \"matchCriteriaId\": \"666110E3-BD76-443B-99A9-579FD5EA2891\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en el producto JD Edwards EnterpriseOne Orchestrator de Oracle JD Edwards (componente: E1 IOT Orchestrator Security).\u0026#xa0;La versi\\u00f3n compatible que est\\u00e1 afectada es la anterior a 9.2.5.1.\u0026#xa0;Una vulnerabilidad f\\u00e1cilmente explotable permite a un atacante no autenticado con acceso de red por medio de HTTP comprometer a JD Edwards EnterpriseOne Orchestrator.\u0026#xa0;Aunque la vulnerabilidad se encuentra en JD Edwards EnterpriseOne Orchestrator, los ataques pueden afectar significativamente a productos adicionales.\u0026#xa0;Los ataques con \\u00e9xito de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de JD Edwards EnterpriseOne Orchestrator.\u0026#xa0;CVSS 3.1 Puntuaci\\u00f3n Base 5.8 (Impactos de la Confidencialidad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)\"}]",
      "id": "CVE-2021-2052",
      "lastModified": "2024-11-21T06:02:16.363",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert_us@oracle.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\", \"baseScore\": 5.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-01-20T15:15:48.830",
      "references": "[{\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secalert_us@oracle.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-2052\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2021-01-20T15:15:48.830\",\"lastModified\":\"2024-11-21T06:02:16.363\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el producto JD Edwards EnterpriseOne Orchestrator de Oracle JD Edwards (componente: E1 IOT Orchestrator Security).\u0026#xa0;La versi\u00f3n compatible que est\u00e1 afectada es la anterior a 9.2.5.1.\u0026#xa0;Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso de red por medio de HTTP comprometer a JD Edwards EnterpriseOne Orchestrator.\u0026#xa0;Aunque la vulnerabilidad se encuentra en JD Edwards EnterpriseOne Orchestrator, los ataques pueden afectar significativamente a productos adicionales.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de JD Edwards EnterpriseOne Orchestrator.\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 5.8 (Impactos de la Confidencialidad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.5.1\",\"matchCriteriaId\":\"666110E3-BD76-443B-99A9-579FD5EA2891\"}]}]}],\"references\":[{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"JD Edwards EnterpriseOne Orchestrator\", \"vendor\": \"Oracle Corporation\", \"versions\": [{\"lessThan\": \"9.2.5.1\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 5.8, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"CHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\", \"version\": \"3.1\"}}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2021-01-20T14:50:05\", \"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\"}, \"references\": [{\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"secalert_us@oracle.com\", \"ID\": \"CVE-2021-2052\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"JD Edwards EnterpriseOne Orchestrator\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c\", \"version_value\": \"9.2.5.1\"}]}}]}, \"vendor_name\": \"Oracle Corporation\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).\"}]}, \"impact\": {\"cvss\": {\"baseScore\": \"5.8\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\", \"version\": \"3.1\"}}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"refsource\": \"MISC\", \"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\"}]}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T16:32:02.755Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-2052\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-26T18:13:26.130883Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-26T18:14:03.536Z\"}}]}",
      "cveMetadata": "{\"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"assignerShortName\": \"oracle\", \"cveId\": \"CVE-2021-2052\", \"datePublished\": \"2021-01-20T14:50:05\", \"dateReserved\": \"2020-12-09T00:00:00\", \"dateUpdated\": \"2024-09-26T18:34:04.659Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2021-2052

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-2052

Aliases

CVE-2021-2052

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-2052",
    "description": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).",
    "id": "GSD-2021-2052"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-2052"
      ],
      "details": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).",
      "id": "GSD-2021-2052",
      "modified": "2023-12-13T01:23:14.771758Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2021-2052",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "JD Edwards EnterpriseOne Orchestrator",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "9.2.5.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Oracle Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "5.8",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.5.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2021-2052"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2021-01-26T18:41Z",
      "publishedDate": "2021-01-20T15:15Z"
    }
  }
}

CNVD-2021-08010

Vulnerability from cnvd - Published: 2021-02-01

Title

Oracle JD Edwards EnterpriseOne Orchestrator信息泄露漏洞

Description

Oracle JD Edwards Products是美国甲骨文（Oracle）公司的一款全面集成的企业资源计划管理软件套件（ERP），它提供财务管理、项目管理和资产生命周期管理等应用模块。 Oracle JD Edwards的JD Edwards EnterpriseOne Orchestrator 9.2.5.1之前版本的E1 IOT Orchestrator Security组件存在信息泄露漏洞。未经身份认证的攻击者可利用该漏洞通过HTTP网络访问破坏JD Edwards EnterpriseOne Orchestrator，对JD Edwards EnterpriseOne Orchestrator可访问数据的子集进行未经授权读取访问。

Severity

中

Patch Name

Oracle JD Edwards EnterpriseOne Orchestrator信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.oracle.com/security-alerts/cpujan2021.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-2052

Impacted products

Name
Oracle JD Edwards EnterpriseOne Orchestrator <9.2.5.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-2052",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-2052"
    }
  },
  "description": "Oracle JD Edwards Products\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5168\u9762\u96c6\u6210\u7684\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212\u7ba1\u7406\u8f6f\u4ef6\u5957\u4ef6\uff08ERP\uff09\uff0c\u5b83\u63d0\u4f9b\u8d22\u52a1\u7ba1\u7406\u3001\u9879\u76ee\u7ba1\u7406\u548c\u8d44\u4ea7\u751f\u547d\u5468\u671f\u7ba1\u7406\u7b49\u5e94\u7528\u6a21\u5757\u3002\n\nOracle JD Edwards\u7684JD Edwards EnterpriseOne Orchestrator 9.2.5.1\u4e4b\u524d\u7248\u672c\u7684E1 IOT Orchestrator Security\u7ec4\u4ef6\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u672a\u7ecf\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7HTTP\u7f51\u7edc\u8bbf\u95ee\u7834\u574fJD Edwards EnterpriseOne Orchestrator\uff0c\u5bf9JD Edwards EnterpriseOne Orchestrator\u53ef\u8bbf\u95ee\u6570\u636e\u7684\u5b50\u96c6\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u8bfb\u53d6\u8bbf\u95ee\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.oracle.com/security-alerts/cpujan2021.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-08010",
  "openTime": "2021-02-01",
  "patchDescription": "Oracle JD Edwards Products\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5168\u9762\u96c6\u6210\u7684\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212\u7ba1\u7406\u8f6f\u4ef6\u5957\u4ef6\uff08ERP\uff09\uff0c\u5b83\u63d0\u4f9b\u8d22\u52a1\u7ba1\u7406\u3001\u9879\u76ee\u7ba1\u7406\u548c\u8d44\u4ea7\u751f\u547d\u5468\u671f\u7ba1\u7406\u7b49\u5e94\u7528\u6a21\u5757\u3002\r\n\r\nOracle JD Edwards\u7684JD Edwards EnterpriseOne Orchestrator 9.2.5.1\u4e4b\u524d\u7248\u672c\u7684E1 IOT Orchestrator Security\u7ec4\u4ef6\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u672a\u7ecf\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7HTTP\u7f51\u7edc\u8bbf\u95ee\u7834\u574fJD Edwards EnterpriseOne Orchestrator\uff0c\u5bf9JD Edwards EnterpriseOne Orchestrator\u53ef\u8bbf\u95ee\u6570\u636e\u7684\u5b50\u96c6\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u8bfb\u53d6\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle JD Edwards EnterpriseOne Orchestrator\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Oracle JD Edwards EnterpriseOne Orchestrator \u003c9.2.5.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-2052",
  "serverity": "\u4e2d",
  "submitTime": "2021-01-25",
  "title": "Oracle JD Edwards EnterpriseOne Orchestrator\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2021-2052

Vulnerability from fkie_nvd - Published: 2021-01-20 15:15 - Updated: 2024-11-21 06:02

Severity ?

5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Summary

References

	URL	Tags
	secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2021.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2021.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	oracle	jd_edwards_enterpriseone_orchestrator	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "666110E3-BD76-443B-99A9-579FD5EA2891",
              "versionEndExcluding": "9.2.5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto JD Edwards EnterpriseOne Orchestrator de Oracle JD Edwards (componente: E1 IOT Orchestrator Security).\u0026#xa0;La versi\u00f3n compatible que est\u00e1 afectada es la anterior a 9.2.5.1.\u0026#xa0;Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso de red por medio de HTTP comprometer a JD Edwards EnterpriseOne Orchestrator.\u0026#xa0;Aunque la vulnerabilidad se encuentra en JD Edwards EnterpriseOne Orchestrator, los ataques pueden afectar significativamente a productos adicionales.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de JD Edwards EnterpriseOne Orchestrator.\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 5.8 (Impactos de la Confidencialidad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)"
    }
  ],
  "id": "CVE-2021-2052",
  "lastModified": "2024-11-21T06:02:16.363",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-01-20T15:15:48.830",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202101-0888

Vulnerability from variot - Updated: 2023-12-18 11:57

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0888",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jd edwards enterpriseone orchestrator",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "9.2.5.1"
      },
      {
        "model": "jd edwards enterpriseone orchestrator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": "9.2.5.1"
      },
      {
        "model": "jd edwards enterpriseone orchestrator",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-08010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001869"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-2052"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.5.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-2052"
      }
    ]
  },
  "cve": "CVE-2021-2052",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-2052",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-08010",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "secalert_us@oracle.com",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "None",
            "baseScore": 5.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001869",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-2052",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "secalert_us@oracle.com",
            "id": "CVE-2021-2052",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-08010",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-1386",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-08010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001869"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-2052"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-2052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1386"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). Oracle JD Edwards Products is a fully integrated enterprise resource planning management software suite (ERP) from Oracle Corporation of the United States. The product provides application modules such as financial management, project management and asset life cycle management",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-2052"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001869"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-08010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1386"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-2052",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001869",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-08010",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1386",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-08010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001869"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-2052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1386"
      }
    ]
  },
  "id": "VAR-202101-0888",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-08010"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-08010"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:57:41.617000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0January\u00a02021 Oracle\u00a0Critical\u00a0Patch\u00a0Update",
        "trust": 0.8,
        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
      },
      {
        "title": "Patch for Oracle JD Edwards EnterpriseOne Orchestrator Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/246166"
      },
      {
        "title": "Oracle JD Edwards Products Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=139639"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-08010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1386"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001869"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-2052"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-2052"
      },
      {
        "trust": 1.6,
        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-08010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001869"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-2052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1386"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-08010"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001869"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-2052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1386"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-08010"
      },
      {
        "date": "2021-06-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001869"
      },
      {
        "date": "2021-01-20T15:15:48.830000",
        "db": "NVD",
        "id": "CVE-2021-2052"
      },
      {
        "date": "2021-01-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-1386"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-08010"
      },
      {
        "date": "2021-06-10T05:39:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001869"
      },
      {
        "date": "2021-01-26T18:41:27.933000",
        "db": "NVD",
        "id": "CVE-2021-2052"
      },
      {
        "date": "2021-02-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-1386"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1386"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oracle\u00a0JD\u00a0Edwards\u00a0 of \u00a0JD\u00a0Edwards\u00a0EnterpriseOne\u00a0Orchestrator\u00a0 In \u00a0E1\u00a0IOT\u00a0Orchestrator\u00a0Security\u00a0 Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001869"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1386"
      }
    ],
    "trust": 0.6
  }
}

GHSA-9V5H-24HM-5JW8

Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-2052"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-20T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).",
  "id": "GHSA-9v5h-24hm-5jw8",
  "modified": "2022-05-24T17:39:49Z",
  "published": "2022-05-24T17:39:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2052"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-2052 (GCVE-0-2021-2052)

GSD-2021-2052

CNVD-2021-08010

FKIE_CVE-2021-2052

VAR-202101-0888

GHSA-9V5H-24HM-5JW8

Tags

Sightings

Nomenclature