Main Vulnerability Database Vulnerabilities #VU40934

Input validation error in JD Edwards EnterpriseOne Tools - CVE-2014-6565

Published: January 21, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40934

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-6565

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
JD Edwards EnterpriseOne Tools

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Portal SEC.

How to mitigate CVE-2014-6565

Install update from vendor's website.

Sources

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.securitytracker.com/id/1031573

Input validation error in JD Edwards EnterpriseOne Tools - CVE-2014-6565

Detailed vulnerability description

How to mitigate CVE-2014-6565

Sources

Please verify you're human