CVE-2025-21524

CRITICAL Year: 2025
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-306
View all →

Vulnerability Description

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Related Vulnerabilities

CVE-2006-0061

CRITICAL
CVSS:9.8(Critical)

xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session.

CWE-3062006

CVE-2006-0062

CRITICAL
CVSS:9.8(Critical)

xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window.

CWE-3062006

CVE-2014-3449

CRITICAL
CVSS:9.8(Critical)

BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability

CWE-3062014

CVE-2015-2888

CRITICAL
CVSS:9.8(Critical)

Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service.

CWE-3062015

CVE-2016-2004

CRITICAL
CVSS:9.8(Critical)

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerab...

CWE-3062016

CVE-2016-5053

CRITICAL
CVSS:9.8(Critical)

OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.

CWE-3062016