Vulnerabilities in JD Edwards EnterpriseOne can cause ransomware infections in your whole network

Specialists in a hacking course report the discovery of three vulnerabilities in JD Edwards EnterpriseOne, a suite of enterprise resource planning software developed by Oracle. According to the report, exploiting these vulnerabilities could lead to malicious scenarios, such as the execution of arbitrary code, among others.

Below are brief descriptions of reported flaws, in addition to their respective scores and identification keys according to the Common Vulnerability Scoring System (CVSS).

CVE-2020-9546: Incorrect input validation when processing serialized data in EnterpriseOne Orchestrator would allow threat actors to run arbitrary code on the target system. Remote hackers could pass specially designed data to the vulnerable application to complete the attack, which could result in full system compromise.

This is a critical flaw, so it received a CVSS score of 8.5/10.

CVE-2020-9488: The SMTP Appendix of Apache Log4j does not validate SSL certificates correctly, which would allow the deployment of Man-in-The-Middle (MiTM) attacks in EnterpriseOne Tools. This is a low severity flaw, so it received a score of 3.7/10, according to specialists in a hacking course.

CVE-2020-9546: An insecure input validation when processing serialized data between serialization and typing devices could allow arbitrary code to run on the target system. Remote threat actors can exploit the flaw by sending specially designed data to EnterpriseOne Tools.

Successful exploitation of the flaw could lead to the total commitment of the affected system. This vulnerability received a score of 8.5/10, so it is considered high severity.

While the flaws can be exploited by remote threat actors, researchers have not yet detected attempts to exploit in real-world scenarios, or the existence of some malware variant related to the attack.

The full list of affected versions is found on Oracle’s official platforms, mentioning the specialists of a hacking course. The company acknowledged the flaws shortly after receiving the report, so they began working on the corrections immediately.

Updates are now available, so users of affected deployments should only verify their correct installation. For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.