Attention: To align with new corporate security policies, and to match policies adopted by other communities within Oracle, the My Oracle Support Community access requirements will change beginning September 18, 2025. MOSC will now require that member accounts in our community be associated to a *corporate* email address. This means that users with generic domains (such as gmail.com, yahoo.com, and others) will no longer be granted access to the discussion forums and ideas labs. If this policy affects you, act now to change the email address that is associated with your Oracle (and community) account. Alternatively, you can opt to create a new Oracle account that uses your corporate email domain.

CNC, DB and Operating System - JDE1 (MOSC)

CVE-2015-0475 - JD Edwards EnterpriseOne Tools Critical Patch Update Pre-installation Note

Apr 15, 2015 11:06AM edited Apr 15, 2015 1:35PM in CNC, DB and Operating System - JDE1 (MOSC) 2 commentsAnswered

Hi all,

I read this sentences but could help me to understand more about it? such as examplease..?I means how could from developer client fat access?, ..?

CVE-2015-0475 Vulnerability in the JD Edwards EnterpriseOne HTML Server component of Oracle JD Edwards Products (subcomponent: Web

Runtime Security). The supported version that is affected is 9.1. The vulnerability requires development client access in order to get the

information necessary to exploit and bypass action security in web client. Successful attack of this vulnerability can result in unauthorized access

to a subset of JD Edwards EnterpriseOne Technology accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector:

0

Howdy, Stranger!

To view full details, sign in to My Oracle Support Community.

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month