From 6c8cbec39094c94c17936f4d8235b4cd45569be4 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Wed, 21 Sep 2022 16:59:41 +0530 Subject: [PATCH] Update CVE-2020-2733.yaml --- cves/2020/CVE-2020-2733.yaml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/cves/2020/CVE-2020-2733.yaml b/cves/2020/CVE-2020-2733.yaml index 6f7ef28d1f..99026d0a66 100644 --- a/cves/2020/CVE-2020-2733.yaml +++ b/cves/2020/CVE-2020-2733.yaml @@ -1,19 +1,21 @@ id: CVE-2020-2733 info: - name: JD Edwards EnterpriseOne Tools admin password not adequately protected + name: JD Edwards EnterpriseOne Tools - Admin Password Disclosure author: DhiyaneshDk,pussycat0x severity: critical - description: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. + description: | + Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. reference: - https://redrays.io/cve-2020-2733-jd-edwards/ - https://www.oracle.com/security-alerts/cpuapr2020.html - https://nvd.nist.gov/vuln/detail/CVE-2020-2733 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2733 + classification: + cve-id: CVE-2020-2733 metadata: verified: true - shodan-query: product:"Oracle WebLogic Server" - tags: cve,cve2020,oracle,weblogic + shodan-query: port:8999 product:"Oracle WebLogic Server" + tags: cve,cve2020,oracle,weblogic,disclosure requests: - method: GET 
@@ -26,7 +28,6 @@ requests: part: body words: - 'ACHCJK' - condition: and - type: word part: header
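Review bot: The new `classification:` block in the `info` section of the first hunk carries only `cve-id`, while `severity: critical` stays unsupported by any score in the template. Add `cvss-metrics`, `cvss-score` and `cwe-id` taken from the NVD entry already listed under `reference`, so the severity can be checked against its source. Separately, `shodan-query` is narrowed to `port:8999` with no explanation in the commit message of why that port was chosen. A one-line comment would help, since deployments listening on a different port fall outside the query.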
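Review bot: In the second hunk, the body matcher under `words:` keys on the single short string 'ACHCJK', so what keeps false positives down is the combination with the header matcher that follows, not the `condition: and` line removed here. That line only joins words inside one matcher, so dropping it is harmless with a single word. The request-level `matchers-condition` is not visible in this hunk. Please confirm it is set to `and`, because the default is `or` and either matcher alone would then flag a host.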