Oracle JD Edwards EnterpriseOne Tools contains a flaw related to the Enterprise Infrastructure SEC component that may allow a remote attacker to use a crafted message to disable logging.

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

• CVE ID: 2011-0823 (see also: NVD)
• Secunia Advisory ID: 44279
• Related OSVDB ID: 71913 71914 71915 71916 71917 71918 71919 71921 71922 71924 71925
• Mail List Post: http://seclists.org/fulldisclosure/2011/Apr/455
• News Article: http://www.computerworld.com/s/article/9215838/Oracle_to_fix_73_security_bugs_next_week
• Other Advisory URL: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2011-10 [ Auth Req'd ]
• Vendor Specific Solution URL: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixJDE

• Not Available