CVE-2026-46913
CriticalCVSS 9.3Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle, concerning the installation security component. It allows an unauthenticated attacker with access to the infrastructure where JD Edwards EnterpriseOne Tools runs to compromise the tool.
Risk Assessment
Attacks may significantly impact additional products, increasing the risk for the organization. Successful attacks can lead to complete takeover of JD Edwards EnterpriseOne Tools.
Recommendation
It is recommended to update to the latest version of JD Edwards EnterpriseOne Tools to minimize the risk associated with this vulnerability.
Original NVD description (English source)
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Installation Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards EnterpriseOne Tools executes to compromise JD Edwards EnterpriseOne Tools. While the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

