CVE-2020-2733

CVSS 9.8 CRITICAL | EPSS 18.6%
Vexday Risk Score
68 (High priority)
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.8 | EPSS 18.6% | KEV: no | Public PoC | Nuclei: yes | Metasploit | Patch
Lifecycle
15 Apr 2020: Published on NVD
19 Aug 2024: Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.