CVE-2025-30740

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-30740
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpuapr2025.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
History

21 Apr 2025, 19:17

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
First Time Oracle
Oracle jd Edwards Enterpriseone Tools
References () https://www.oracle.com/security-alerts/cpuapr2025.html - () https://www.oracle.com/security-alerts/cpuapr2025.html - Patch, Vendor Advisory

16 Apr 2025, 15:16

Type Values Removed Values Added
CWE CWE-284

16 Apr 2025, 13:25

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto JD Edwards EnterpriseOne Tools de Oracle JD Edwards (componente: Web Runtime SEC). Las versiones compatibles afectadas son 9.2.0.0-9.2.9.2. Esta vulnerabilidad, fácilmente explotable, permite a un atacante con privilegios reducidos y acceso a la red a través de HTTP comprometer JD Edwards EnterpriseOne Tools. Los ataques con éxito de esta vulnerabilidad pueden resultar en el acceso no autorizado a datos críticos o en el acceso completo a todos los datos accesibles de JD Edwards EnterpriseOne Tools. Puntuación base de CVSS 3.1: 6.5 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

15 Apr 2025, 21:16

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-15 21:16

Updated : 2025-04-21 19:17

NVD link : CVE-2025-30740

Mitre link : CVE-2025-30740

CVE.ORG link : CVE-2025-30740

JSON object : View

Products Affected

oracle

  • jd_edwards_enterpriseone_tools
CWE
CWE-284

Improper Access Control