CVE-2026-46892
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk31th percentile — higher than 31% of all known CVEs
Summary
Vulnerability in JD Edwards EnterpriseOne Human Resources Management (version 9.2) allows an unauthenticated attacker to remotely compromise data confidentiality and integrity via HTTP. The attack can lead to unauthorized creation, deletion, or modification of critical data and full access to it.
Risk Assessment
The organization is exposed to complete loss of confidentiality and integrity of HR data, potentially resulting in leakage of sensitive information and non-compliance with data protection regulations.
Recommendation
Apply the security patch provided by Oracle for JD Edwards EnterpriseOne Human Resources Management version 9.2 immediately. Until then, restrict network access to the system to trusted IP addresses only.
Original NVD description (English source)
Vulnerability in the JD Edwards EnterpriseOne Human Resources Management product of Oracle JD Edwards (component: Human Resources). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Human Resources Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all JD Edwards EnterpriseOne Human Resources Management accessible data as well as unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Human Resources Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

