CVE Catalog

CVE-2026-46908

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile — higher than 32% of all known CVEs

Summary

A vulnerability in the JD Edwards EnterpriseOne Accounts Payable product of Oracle allows a low privileged attacker with network access via HTTP to compromise the system. The impact of this vulnerability may also affect additional products, increasing the scope of potential attacks.

Risk Assessment

Successful attacks can lead to the takeover of JD Edwards EnterpriseOne Accounts Payable, significantly impacting data security and organizational operations.

Recommendation

It is recommended to update to the latest version of the software and implement appropriate security measures to minimize the risk of exploitation of this vulnerability.

Original NVD description (English source)

Vulnerability in the JD Edwards EnterpriseOne Accounts Payable product of Oracle JD Edwards (component: Accounts Payable). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Accounts Payable. While the vulnerability is in JD Edwards EnterpriseOne Accounts Payable, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Accounts Payable. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS