CVE Catalog

CVE-2026-46913

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile — higher than 5% of all known CVEs

Summary

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle, concerning the installation security component. It allows an unauthenticated attacker with access to the infrastructure where JD Edwards EnterpriseOne Tools runs to compromise the tool.

Risk Assessment

Attacks may significantly impact additional products, increasing the risk for the organization. Successful attacks can lead to complete takeover of JD Edwards EnterpriseOne Tools.

Recommendation

It is recommended to update to the latest version of JD Edwards EnterpriseOne Tools to minimize the risk associated with this vulnerability.

Original NVD description (English source)

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Installation Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards EnterpriseOne Tools executes to compromise JD Edwards EnterpriseOne Tools. While the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS