Order Promising Vulnerability in JD Edwards by Oracle
CVE-2026-46907

9.9CRITICAL

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-46907?

A vulnerability exists in Oracle's JD Edwards EnterpriseOne Order Promising product, specifically within the Order Promising Integration component. This flaw can be easily exploited by low-privileged attackers who have network access via HTTP. Once compromised, this can lead to a full takeover of the Order Promising system, and consequently, a significant impact on other associated products. The vulnerability may allow for unauthorized access and manipulation of sensitive data, posing risks to the confidentiality, integrity, and availability of the system. It underscores the necessity for timely patching and robust security practices.

Affected Version(s)

JD Edwards EnterpriseOne Order Promising 9.2

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.