CVE-2026-46908
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk32th percentile — higher than 32% of all known CVEs
Summary
A vulnerability in the JD Edwards EnterpriseOne Accounts Payable product of Oracle allows a low privileged attacker with network access via HTTP to compromise the system. The impact of this vulnerability may also affect additional products, increasing the scope of potential attacks.
Risk Assessment
Successful attacks can lead to the takeover of JD Edwards EnterpriseOne Accounts Payable, significantly impacting data security and organizational operations.
Recommendation
It is recommended to update to the latest version of the software and implement appropriate security measures to minimize the risk of exploitation of this vulnerability.
Original NVD description (English source)
Vulnerability in the JD Edwards EnterpriseOne Accounts Payable product of Oracle JD Edwards (component: Accounts Payable). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Accounts Payable. While the vulnerability is in JD Edwards EnterpriseOne Accounts Payable, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Accounts Payable. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

