Unauthorized Access Vulnerability in JD Edwards EnterpriseOne Human Resources Management by Oracle
CVE-2026-46892

9.1CRITICAL

What is CVE-2026-46892?

A security flaw identified in the JD Edwards EnterpriseOne Human Resources Management product of Oracle allows unauthenticated attackers with network access via HTTP to exploit the system. This can lead to unauthorized creation, deletion, or modification of critical data within the JD Edwards EnterpriseOne platform. Attackers could gain access to essential human resources information, compromising confidentiality and integrity of the data. Organizations utilizing the affected version, 9.2, should take immediate action to mitigate this security risk.

Affected Version(s)

JD Edwards EnterpriseOne Human Resources Management 9.2

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.