Details of VAR-202101-0888

ID

VAR-202101-0888

CVE

CVE-2021-2052

TITLE

Oracle JD Edwards of JD Edwards EnterpriseOne Orchestrator In E1 IOT Orchestrator Security Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-001869

DESCRIPTION

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. While the vulnerability is in JD Edwards EnterpriseOne Orchestrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). Oracle JD Edwards Products is a fully integrated enterprise resource planning management software suite (ERP) from Oracle Corporation of the United States. The product provides application modules such as financial management, project management and asset life cycle management

Trust: 2.7

sources: NVD: CVE-2021-2052 // JVNDB: JVNDB-2021-001869 // CNVD: CNVD-2021-08010 // CNNVD: CNNVD-202101-1386

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-08010

AFFECTED PRODUCTS

vendor:	oracle	model:	jd edwards enterpriseone orchestrator	scope:	lt	version:	9.2.5.1	Trust: 1.6
vendor:	オラクル	model:	jd edwards enterpriseone orchestrator	scope:	eq	version:	9.2.5.1	Trust: 0.8
vendor:	オラクル	model:	jd edwards enterpriseone orchestrator	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2021-08010 // JVNDB: JVNDB-2021-001869 // NVD: CVE-2021-2052

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-2052
value:	MEDIUM
Trust: 1.0
secalert_us@oracle.com:	CVE-2021-2052
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-2052
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-08010
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202101-1386
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-2052
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-08010
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

secalert_us@oracle.com:	CVE-2021-2052
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2021-001869
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-08010 // JVNDB: JVNDB-2021-001869 // CNNVD: CNNVD-202101-1386 // NVD: CVE-2021-2052 // NVD: CVE-2021-2052

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-001869 // NVD: CVE-2021-2052

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1386

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-1386

PATCH

title:	Oracle Critical Patch Update Advisory - January 2021 Oracle Critical Patch Update	url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 0.8
title:	Patch for Oracle JD Edwards EnterpriseOne Orchestrator Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/246166	Trust: 0.6
title:	Oracle JD Edwards Products Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139639	Trust: 0.6

sources: CNVD: CNVD-2021-08010 // JVNDB: JVNDB-2021-001869 // CNNVD: CNNVD-202101-1386

EXTERNAL IDS

db:	NVD	id:	CVE-2021-2052	Trust: 3.0
db:	JVNDB	id:	JVNDB-2021-001869	Trust: 0.8
db:	CNVD	id:	CNVD-2021-08010	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1386	Trust: 0.6

sources: CNVD: CNVD-2021-08010 // JVNDB: JVNDB-2021-001869 // CNNVD: CNNVD-202101-1386 // NVD: CVE-2021-2052

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-2052	Trust: 2.0
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 1.6

sources: CNVD: CNVD-2021-08010 // JVNDB: JVNDB-2021-001869 // CNNVD: CNNVD-202101-1386 // NVD: CVE-2021-2052

SOURCES

db:	CNVD	id:	CNVD-2021-08010
db:	JVNDB	id:	JVNDB-2021-001869
db:	CNNVD	id:	CNNVD-202101-1386
db:	NVD	id:	CVE-2021-2052

LAST UPDATE DATE

2024-11-23T22:44:17.916000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-08010	date:	2021-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-001869	date:	2021-06-10T05:39:00
db:	CNNVD	id:	CNNVD-202101-1386	date:	2021-02-01T00:00:00
db:	NVD	id:	CVE-2021-2052	date:	2024-11-21T06:02:16.363

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-08010	date:	2021-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-001869	date:	2021-06-10T00:00:00
db:	CNNVD	id:	CNNVD-202101-1386	date:	2021-01-19T00:00:00
db:	NVD	id:	CVE-2021-2052	date:	2021-01-20T15:15:48.830