CVE Catalog

CVE-2026-46907

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile — higher than 32% of all known CVEs

Summary

Vulnerability in the JD Edwards EnterpriseOne Order Promising product of Oracle allows a low privileged attacker with network access via HTTP to compromise the system. Attacks may significantly impact additional products, increasing the scope of the threat.

Risk Assessment

This vulnerability can lead to the complete takeover of the JD Edwards EnterpriseOne Order Promising system, which may have serious consequences for the integrity and availability of data.

Recommendation

It is recommended to update to the latest version of the software and implement appropriate security measures to restrict access to the system only to authorized users.

Original NVD description (English source)

Vulnerability in the JD Edwards EnterpriseOne Order Promising product of Oracle JD Edwards (component: Order Promising Integration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Order Promising. While the vulnerability is in JD Edwards EnterpriseOne Order Promising, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Order Promising. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS