Oracle JD Edwards EnterpriseOne Tools Enterprise
Oracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC Information Disclosure
Release Date : 2013-01-16
Criticality level : Less critical
Impact: Exposure of sensitive information
Where: From local network
Solution Status : Vendor Patch
Software: JD Edwards EnterpriseOne Tools 24.x
JD Edwards EnterpriseOne Tools 8.x
JD Edwards EnterpriseOne Tools 9.x
A vulnerability has been reported in Oracle JD Edwards EnterpriseOne Tools, which can be exploited by malicious users to gain knowledge of certain sensitive information.
The vulnerability is caused due to an unspecified error in the Enterprise Infrastructure SEC sub-component and can be exploited via JDENET to read a subset of application accessible data.
The vulnerability is reported in versions 8.98, 9.1, and 24.
Provided and/or discovered by:
It is currently unclear who reported this vulnerability as the Oracle Critical Patch Update for January 2013 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.