cvelist/2022/21xxx/CVE-2022-21561.json

    {
        "data_type": "CVE",
        "data_format": "MITRE",
        "data_version": "4.0",
        "CVE_data_meta": {
            "ASSIGNER": "secalert_us@oracle.com",
            "ID": "CVE-2022-21561"
        },
        "affects": {
            "vendor": {
                "vendor_data": [
                    {
                        "product": {
                            "product_data": [
                                {
                                    "product_name": "JD Edwards EnterpriseOne Tools",
                                    "version": {
                                        "version_data": [
                                            {
                                                "version_value": "9.2.6.3 and prior",
                                                "version_affected": "="
                                            }
                                        ]
                                    }
                                }
                            ]
                        },
                        "vendor_name": "Oracle Corporation"
                    }
                ]
            }
        },
        "description": {
            "description_data": [
                {
                    "lang": "eng",
                    "value": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime).  Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
                }
            ]
        },
        "impact": {
            "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
            }
        },
        "problemtype": {
            "problemtype_data": [
                {
                    "description": [
                        {
                            "lang": "eng",
                            "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data."
                        }
                    ]
                }
            ]
        },
        "references": {
            "reference_data": [
                {
                    "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                }
            ]
        }
    }
Oracle CPU JUly 2022 On branch cna/Oracle/CPU2022Jul Changes to be committed: modified: 2021/2xxx/CVE-2021-2351.json modified: 2022/21xxx/CVE-2022-21428.json modified: 2022/21xxx/CVE-2022-21429.json modified: 2022/21xxx/CVE-2022-21432.json modified: 2022/21xxx/CVE-2022-21439.json modified: 2022/21xxx/CVE-2022-21455.json modified: 2022/21xxx/CVE-2022-21500.json modified: 2022/21xxx/CVE-2022-21508.json modified: 2022/21xxx/CVE-2022-21509.json modified: 2022/21xxx/CVE-2022-21510.json modified: 2022/21xxx/CVE-2022-21511.json modified: 2022/21xxx/CVE-2022-21512.json modified: 2022/21xxx/CVE-2022-21513.json modified: 2022/21xxx/CVE-2022-21514.json modified: 2022/21xxx/CVE-2022-21515.json modified: 2022/21xxx/CVE-2022-21516.json modified: 2022/21xxx/CVE-2022-21517.json modified: 2022/21xxx/CVE-2022-21518.json modified: 2022/21xxx/CVE-2022-21519.json modified: 2022/21xxx/CVE-2022-21520.json modified: 2022/21xxx/CVE-2022-21521.json modified: 2022/21xxx/CVE-2022-21522.json modified: 2022/21xxx/CVE-2022-21523.json modified: 2022/21xxx/CVE-2022-21524.json modified: 2022/21xxx/CVE-2022-21525.json modified: 2022/21xxx/CVE-2022-21526.json modified: 2022/21xxx/CVE-2022-21527.json modified: 2022/21xxx/CVE-2022-21528.json modified: 2022/21xxx/CVE-2022-21529.json modified: 2022/21xxx/CVE-2022-21530.json modified: 2022/21xxx/CVE-2022-21531.json modified: 2022/21xxx/CVE-2022-21532.json modified: 2022/21xxx/CVE-2022-21533.json modified: 2022/21xxx/CVE-2022-21534.json modified: 2022/21xxx/CVE-2022-21535.json modified: 2022/21xxx/CVE-2022-21536.json modified: 2022/21xxx/CVE-2022-21537.json modified: 2022/21xxx/CVE-2022-21538.json modified: 2022/21xxx/CVE-2022-21539.json modified: 2022/21xxx/CVE-2022-21540.json modified: 2022/21xxx/CVE-2022-21541.json modified: 2022/21xxx/CVE-2022-21542.json modified: 2022/21xxx/CVE-2022-21543.json modified: 2022/21xxx/CVE-2022-21544.json modified: 2022/21xxx/CVE-2022-21545.json modified: 2022/21xxx/CVE-2022-21547.json modified: 2022/21xxx/CVE-2022-21548.json modified: 2022/21xxx/CVE-2022-21549.json modified: 2022/21xxx/CVE-2022-21550.json modified: 2022/21xxx/CVE-2022-21551.json modified: 2022/21xxx/CVE-2022-21552.json modified: 2022/21xxx/CVE-2022-21553.json modified: 2022/21xxx/CVE-2022-21554.json modified: 2022/21xxx/CVE-2022-21555.json modified: 2022/21xxx/CVE-2022-21556.json modified: 2022/21xxx/CVE-2022-21557.json modified: 2022/21xxx/CVE-2022-21558.json modified: 2022/21xxx/CVE-2022-21559.json modified: 2022/21xxx/CVE-2022-21560.json modified: 2022/21xxx/CVE-2022-21561.json modified: 2022/21xxx/CVE-2022-21562.json modified: 2022/21xxx/CVE-2022-21563.json modified: 2022/21xxx/CVE-2022-21564.json modified: 2022/21xxx/CVE-2022-21565.json modified: 2022/21xxx/CVE-2022-21566.json modified: 2022/21xxx/CVE-2022-21567.json modified: 2022/21xxx/CVE-2022-21568.json modified: 2022/21xxx/CVE-2022-21569.json modified: 2022/21xxx/CVE-2022-21570.json modified: 2022/21xxx/CVE-2022-21571.json modified: 2022/21xxx/CVE-2022-21572.json modified: 2022/21xxx/CVE-2022-21573.json modified: 2022/21xxx/CVE-2022-21574.json modified: 2022/21xxx/CVE-2022-21575.json modified: 2022/21xxx/CVE-2022-21576.json modified: 2022/21xxx/CVE-2022-21577.json modified: 2022/21xxx/CVE-2022-21578.json modified: 2022/21xxx/CVE-2022-21579.json modified: 2022/21xxx/CVE-2022-21580.json modified: 2022/21xxx/CVE-2022-21581.json modified: 2022/21xxx/CVE-2022-21582.json modified: 2022/21xxx/CVE-2022-21583.json modified: 2022/21xxx/CVE-2022-21584.json modified: 2022/21xxx/CVE-2022-21585.json modified: 2022/21xxx/CVE-2022-21586.json 2022-07-19 14:00:19 -07:00			`{`
			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"CVE_data_meta": {`
			`"ASSIGNER": "secalert_us@oracle.com",`
			`"ID": "CVE-2022-21561"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "JD Edwards EnterpriseOne Tools",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "9.2.6.3 and prior",`
			`"version_affected": "="`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Oracle Corporation"`
			`}`
			`]`
			`}`
			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			"value": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
			`}`
			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"baseScore": "6.5",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data."`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://www.oracle.com/security-alerts/cpujul2022.html"`
			`}`
			`]`
			`}`
			`}`