CVE-2020-2733

CRITICAL NUCLEI

Oracle JD Edwards <9.2 - RCE

Title source: llm

Description

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Exploits (1)

nomisec · WORKING POC · 1 star
by anmolksachan · poc
https://github.com/anmolksachan/CVE-2020-2733

Nuclei Templates (1)

JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure
CRITICAL · VERIFIED · by DhiyaneshDk, pussycat0x
Shodan: port:8999 product:"Oracle WebLogic Server" || port:8999 product:"oracle weblogic server"

Scores

CVSS v3 9.8
EPSS 0.8888
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
oracle/jd_edwards_enterpriseone_tools 9.2
Published Apr 15, 2020
Tracked Since Feb 18, 2026