Description
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Enterprise Infrastructure Security component of Oracle JD Edwards EnterpriseOne Tools. An unauthenticated attacker with network access to the JDENET channel can exploit this flaw to fully compromise the JD Edwards EnterpriseOne Tools installation, resulting in loss of confidentiality, integrity, and availability. The CVSS vector rates all three impact metrics (confidentiality, integrity, and availability) as High, indicating the potential for total system takeover. Based on the description, it is inferred that an attacker could execute arbitrary code remotely, since the ability to fully compromise the system typically implies that capability.

Affected Systems

Oracle JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 are affected. The product is listed as Oracle Corporation:JD Edwards EnterpriseOne Tools in the CNA vendor/product table.

Risk and Exploitability

The severity is very high, with a CVSS score of 9.8. EPSS indicates a very low probability of exploitation (<1%), and the vulnerability is not currently listed in CISA KEV, suggesting no confirmed exploitation yet. However, because the flaw is reachable over the network via JDENET and requires no authentication, an adversary with network reach has an easy attack path. The likely impact is remote code execution, inferred from the description's statement that the attacker can fully compromise the system.

Generated by OpenCVE AI on June 17, 2026 at 20:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle patch for JD Edwards EnterpriseOne Tools 9.2.0.0‑9.2.26.2 as detailed in the Oracle security alert.
  • Restrict JDENET communications to trusted internal networks or add authentication mechanisms to block unauthenticated access.
  • Conduct a network assessment to verify no open JDENET ports are reachable from untrusted sources.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
First Time appeared | | Oracle; Oracle jd Edwards Enterpriseone Tools
CPEs | | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
Vendors & Products | | Oracle; Oracle jd Edwards Enterpriseone Tools
References | |
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:36:39.863Z

Reserved: 2026-05-18T15:55:10.309Z

Link: CVE-2026-46882

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T01:00:15Z

Weaknesses

No weakness.