CNNVD-202507-1976 Information

CNNVD ID

CNNVD-202507-1976

Related CVE

CVE-2025-30760

• CNNVD Published: 2025-07-15

Description (Chinese)

Oracle JD Edwards是美国甲骨文（Oracle）公司的一套全面集成的企业资源计划管理软件套件（ERP）。该产品提供财务管理、项目管理和资产生命周期管理等应用模块。 Oracle JD Edwards的JD Edwards EnterpriseOne Tools 9.2.0.0至9.2.9.3版本存在安全漏洞，该漏洞源于低权限攻击者可通过HTTP网络访问进行攻击，可能导致数据未授权访问和修改。

Description (English)

Oracle JD Edwards is a fully integrated enterprise resource planning (ERP) software package for Oracle. The product provides application modules for financial management, project management and asset life cycle management. Security loopholes exist in versions 9.2.0.0 to 9.2.9.3 of JD Edwards JD Edwards, which originate from low-authorized attackers who can attack via HTTP network, which may lead to unauthorized data access and modification.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

OrangeHRM

Published

2025-07-15

Last Modified

2026-02-24

References

https://www.oracle.com/security-alerts/cpujul2025.html https://nvd.nist.gov/vuln/detail/CVE-2025-30760

Patch

https://www.oracle.com/security-alerts/cpujul2025.html