CVE-2026-46907
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk32th percentile — higher than 32% of all known CVEs
Summary
Vulnerability in the JD Edwards EnterpriseOne Order Promising product of Oracle allows a low privileged attacker with network access via HTTP to compromise the system. Attacks may significantly impact additional products, increasing the scope of the threat.
Risk Assessment
This vulnerability can lead to the complete takeover of the JD Edwards EnterpriseOne Order Promising system, which may have serious consequences for the integrity and availability of data.
Recommendation
It is recommended to update to the latest version of the software and implement appropriate security measures to restrict access to the system only to authorized users.
Original NVD description (English source)
Vulnerability in the JD Edwards EnterpriseOne Order Promising product of Oracle JD Edwards (component: Order Promising Integration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Order Promising. While the vulnerability is in JD Edwards EnterpriseOne Order Promising, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Order Promising. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

