CVE Catalog

CVE-2026-46912

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile — higher than 26% of all known CVEs

Summary

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle, concerning the Web Runtime Security component, allows easy exploitation by an unauthenticated attacker with network access via HTTP. Attacks may lead to unauthorized access to critical data and complete access to all data available in JD Edwards EnterpriseOne Tools.

Risk Assessment

The risk to the organization is high as attacks can result in unauthorized access to sensitive data and the ability to modify it, potentially leading to serious consequences for data integrity.

Recommendation

It is recommended to promptly update JD Edwards EnterpriseOne Tools to the latest version to mitigate this vulnerability and to restrict access to the system only to authorized users.

Original NVD description (English source)

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. While the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data as well as unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS