ID

VAR-202101-0888


CVE

CVE-2021-2052


TITLE

Vulnerability in the E1 IOT Orchestrator Security component of Oracle JD Edwards EnterpriseOne Orchestrator

Trust: 0.8

sources: JVNDB: JVNDB-2021-001869

DESCRIPTION

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The affected supported versions are those prior to 9.2.5.1. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). Oracle JD Edwards Products is a fully integrated enterprise resource planning (ERP) software suite from Oracle Corporation of the United States. The product provides application modules such as financial management, project management and asset life cycle management.

Trust: 2.7

sources: NVD: CVE-2021-2052 // JVNDB: JVNDB-2021-001869 // CNVD: CNVD-2021-08010 // CNNVD: CNNVD-202101-1386

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-08010

AFFECTED PRODUCTS

vendor: oracle, model: jd edwards enterpriseone orchestrator, scope: lt, version: 9.2.5.1

Trust: 1.6

vendor: Oracle, model: jd edwards enterpriseone orchestrator, scope: eq, version: 9.2.5.1

Trust: 0.8

vendor: Oracle, model: jd edwards enterpriseone orchestrator, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2021-08010 // JVNDB: JVNDB-2021-001869 // NVD: CVE-2021-2052

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-2052
value: MEDIUM

Trust: 1.0

secalert_us@oracle.com: CVE-2021-2052
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-2052
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-08010
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202101-1386
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2021-2052
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-08010
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

secalert_us@oracle.com: CVE-2021-2052
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-001869
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-08010 // JVNDB: JVNDB-2021-001869 // CNNVD: CNNVD-202101-1386 // NVD: CVE-2021-2052 // NVD: CVE-2021-2052

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-001869 // NVD: CVE-2021-2052

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1386

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-1386

PATCH

title: Oracle Critical Patch Update Advisory - January 2021 Oracle Critical Patch Update, url: https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 0.8

title: Patch for Oracle JD Edwards EnterpriseOne Orchestrator Information Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/246166

Trust: 0.6

title: Oracle JD Edwards Products Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139639

Trust: 0.6

sources: CNVD: CNVD-2021-08010 // JVNDB: JVNDB-2021-001869 // CNNVD: CNNVD-202101-1386

EXTERNAL IDS

db: NVD, id: CVE-2021-2052

Trust: 3.0

db: JVNDB, id: JVNDB-2021-001869

Trust: 0.8

db: CNVD, id: CNVD-2021-08010

Trust: 0.6

db: CNNVD, id: CNNVD-202101-1386

Trust: 0.6

sources: CNVD: CNVD-2021-08010 // JVNDB: JVNDB-2021-001869 // CNNVD: CNNVD-202101-1386 // NVD: CVE-2021-2052

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2021-2052

Trust: 2.0

url: https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 1.6

sources: CNVD: CNVD-2021-08010 // JVNDB: JVNDB-2021-001869 // CNNVD: CNNVD-202101-1386 // NVD: CVE-2021-2052

SOURCES

db: CNVD, id: CNVD-2021-08010
db: JVNDB, id: JVNDB-2021-001869
db: CNNVD, id: CNNVD-202101-1386
db: NVD, id: CVE-2021-2052

LAST UPDATE DATE

2024-08-14T14:50:25.133000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-08010, date: 2021-02-01T00:00:00
db: JVNDB, id: JVNDB-2021-001869, date: 2021-06-10T05:39:00
db: CNNVD, id: CNNVD-202101-1386, date: 2021-02-01T00:00:00
db: NVD, id: CVE-2021-2052, date: 2021-01-26T18:41:27.933

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-08010, date: 2021-02-01T00:00:00
db: JVNDB, id: JVNDB-2021-001869, date: 2021-06-10T00:00:00
db: CNNVD, id: CNNVD-202101-1386, date: 2021-01-19T00:00:00
db: NVD, id: CVE-2021-2052, date: 2021-01-20T15:15:48.830