Order Promising Vulnerability in JD Edwards by Oracle
CVE-2026-46907
9.9CRITICAL
Key Information:
- Vendor
Oracle
- Vendor
- CVE Published:
- 16 June 2026
What is CVE-2026-46907?
A vulnerability exists in Oracle's JD Edwards EnterpriseOne Order Promising product, specifically within the Order Promising Integration component. This flaw can be easily exploited by low-privileged attackers who have network access via HTTP. Once compromised, this can lead to a full takeover of the Order Promising system, and consequently, a significant impact on other associated products. The vulnerability may allow for unauthorized access and manipulation of sensitive data, posing risks to the confidentiality, integrity, and availability of the system. It underscores the necessity for timely patching and robust security practices.
Affected Version(s)
JD Edwards EnterpriseOne Order Promising 9.2