Skip to main content

Jd Edwards Enterpriseone Order Promising

1 CVEs product

Monthly

CVE-2026-46907 CRITICAL Act Now

Takeover of Oracle JD Edwards EnterpriseOne Order Promising 9.2 is possible by a low-privileged remote attacker through the Order Promising Integration component over HTTP. The flaw produces a CVSS 3.1 scope change, meaning successful exploitation can significantly impact other interconnected products in the JD Edwards ecosystem. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Jd Edwards Enterpriseone Order Promising Authentication Bypass
NVD
CVSS 3.1
9.9
EPSS
0.4%
EPSS 0% CVSS 9.9
CRITICAL Act Now

Takeover of Oracle JD Edwards EnterpriseOne Order Promising 9.2 is possible by a low-privileged remote attacker through the Order Promising Integration component over HTTP. The flaw produces a CVSS 3.1 scope change, meaning successful exploitation can significantly impact other interconnected products in the JD Edwards ecosystem. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Jd Edwards Enterpriseone Order Promising Authentication Bypass
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy