CVE-2022-21464

CVSS Base Score: 8.2 HIGH

📋 TL;DR

This vulnerability in Oracle JD Edwards EnterpriseOne Tools allows unauthenticated attackers with network access via HTTP to cause denial of service (system hangs or crashes) and gain unauthorized read access to some data. It affects all systems running JD Edwards EnterpriseOne Tools prior to version 9.2.6.3. The vulnerability is in the Business Logic Infra SEC component.

💻 Affected Systems

Products:
  • Oracle JD Edwards EnterpriseOne Tools
Versions: Prior to 9.2.6.3
Operating Systems: All supported platforms for JD Edwards EnterpriseOne
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Business Logic Infra SEC component. All deployments with HTTP access are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system outage with extended downtime and unauthorized access to sensitive business data, potentially leading to operational disruption and a data breach.

🟠 Likely Case: Service disruption through denial-of-service attacks and limited data exposure from the accessible data subsets.

🟢 If Mitigated: Minimal impact if systems are patched, network access is restricted, and proper monitoring is in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Oracle describes it as 'easily exploitable' with no authentication required via HTTP.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.2.6.3 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpuapr2022.html

Restart Required: Yes

Instructions:

1. Download the patch from Oracle Support.
2. Apply the patch following Oracle's JD Edwards patching procedures.
3. Restart affected services.
4. Test functionality.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict HTTP access to JD Edwards EnterpriseOne Tools to trusted networks only.

Web Application Firewall (applies to: all)

Deploy a WAF with rules to block suspicious HTTP requests to the Business Logic Infra SEC component.

🧯 If You Can't Patch

  • Implement strict network access controls to limit HTTP access to only authorized users/systems
  • Deploy intrusion detection/prevention systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the JD Edwards EnterpriseOne Tools version. If it's prior to 9.2.6.3, the system is vulnerable.

Check Version:

Check through JD Edwards administration tools or consult system documentation for version verification

Verify Fix Applied:

Verify the system is running version 9.2.6.3 or later and test that HTTP requests to the Business Logic Infra SEC component no longer cause crashes or unauthorized data access.
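As an added example (not from this page or from Oracle), the version rule above applied to an inventory of Tools release strings in Python. The dotted-integer release format (e.g. "9.2.6.2") and the sample inventory are assumptions; the point it makes is that releases must be compared numerically, since a plain string comparison wrongly places 9.2.10.0 before 9.2.6.3.

```python
import re

# Fixed release named in the advisory; anything numerically lower is vulnerable.
FIXED_RELEASE = "9.2.6.3"


def parse_release(release: str) -> tuple:
    """Turn a dotted release string into a tuple of ints (assumed format).

    Short forms such as "9.2.6" are padded with zeros so that 9.2.6 < 9.2.6.3.
    Raises ValueError for anything that is not purely dotted integers.
    """
    parts = release.strip().split(".")
    if not parts or not all(re.fullmatch(r"\d+", p) for p in parts):
        raise ValueError(f"unrecognised release string: {release!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * max(0, 4 - len(nums))


def is_vulnerable(release: str, fixed: str = FIXED_RELEASE) -> bool:
    """True when the release is prior to the fixed release (numeric compare)."""
    return parse_release(release) < parse_release(fixed)


def triage(inventory: dict) -> dict:
    """Classify each host in a {host: release} inventory.

    Returns 'vulnerable', 'fixed', or 'unknown' (malformed or missing release),
    so that unknown hosts are surfaced for manual checking rather than silently
    treated as patched.
    """
    result = {}
    for host, release in inventory.items():
        try:
            result[host] = "vulnerable" if is_vulnerable(release) else "fixed"
        except (ValueError, AttributeError):
            result[host] = "unknown"
    return result


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = {
    "jde-web-01": "9.2.6.2",   # prior to fix
    "jde-web-02": "9.2.6.3",   # exactly the fixed release
    "jde-web-03": "9.2.10.0",  # later release that a string compare would misjudge
    "jde-web-04": "9.2.5",     # short form, padded to 9.2.5.0
    "jde-web-05": "unknown",   # unparseable entry
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```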

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to Business Logic Infra SEC endpoints
  • System crash/hang logs
  • Unauthorized access attempts

Network Indicators:

  • HTTP traffic patterns indicating DoS attempts
  • Unusual data extraction patterns

SIEM Query:

source="jde_logs" AND (event="crash" OR event="hang" OR event="unauthorized_access")
