CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-46907

Vulnerability in the JD Edwards EnterpriseOne Order Promising product of Oracle JD Edwards (component: Order Promising Integration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Order Promising. While the vulnerability is in JD Edwards EnterpriseOne Order Promising, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Order Promising. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 31.9%

CVSS Severity

CVSS v3 Score 9.9

References

https://www.oracle.com/security-alerts/cspujun2026.html

Products affected by CVE-2026-46907

Oracle » Jd Edwards Enterpriseone Global Order Promising » Version: 9.2

cpe:2.3:a:oracle:jd_edwards_enterpriseone_global_order_promising:9.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-46907

Products

Pricing

Contact Us