CNNVD-202510-2678 Information
CNNVD ID
CNNVD-202510-2678
Related CVE
- CNNVD Published: 2025-10-21
Description (Chinese)
Oracle JD Edwards是美国甲骨文(Oracle)公司的一套全面集成的企业资源计划管理软件套件(ERP)。该产品提供财务管理、项目管理和资产生命周期管理等应用模块。 Oracle JD Edwards的JD Edwards EnterpriseOne Tools 9.2.0.0版本至9.2.9.4版本存在安全漏洞,该漏洞源于Web Runtime SEC组件存在访问控制不当,可能导致未经授权的数据访问和修改。
Description (English)
Oracle JD Edwards is a fully integrated enterprise resource planning (ERP) software package for Oracle. The product provides application modules for financial management, project management and asset life cycle management. Security gaps exist between versions 9.2.0 and 9.2.1.4 of JD Edwards EnterpriseOne Tools of Oracle JD Edwards, which stem from inappropriate access controls of the Web Runtme SEC component, which may lead to unauthorized data access and modification.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
甲骨文
Published
2025-10-21
Last Modified
2026-02-24
References
https://www.oracle.com/security-alerts/cpuoct2025.html https://access.redhat.com/security/cve/cve-2025-53060
Patch
https://www.oracle.com/security-alerts/cpuoct2025.html
Share on: