CVE Catalog

CVE-2026-46892

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

31th percentile — higher than 31% of all known CVEs

Summary

Vulnerability in JD Edwards EnterpriseOne Human Resources Management (version 9.2) allows an unauthenticated attacker to remotely compromise data confidentiality and integrity via HTTP. The attack can lead to unauthorized creation, deletion, or modification of critical data and full access to it.

Risk Assessment

The organization is exposed to complete loss of confidentiality and integrity of HR data, potentially resulting in leakage of sensitive information and non-compliance with data protection regulations.

Recommendation

Apply the security patch provided by Oracle for JD Edwards EnterpriseOne Human Resources Management version 9.2 immediately. Until then, restrict network access to the system to trusted IP addresses only.

Original NVD description (English source)

Vulnerability in the JD Edwards EnterpriseOne Human Resources Management product of Oracle JD Edwards (component: Human Resources). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Human Resources Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all JD Edwards EnterpriseOne Human Resources Management accessible data as well as unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Human Resources Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS