PT-2026-3696 · Oracle · Jd Edwards+1

Published 2026-01-20 · Updated 2026-01-21 · CVE-2026-21946

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Oracle JD Edwards versions 9.2.0.0 through 9.2.26.0

Description

A flaw exists within the Web Runtime SEC component of Oracle JD Edwards EnterpriseOne Tools that allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful exploitation requires interaction from a user other than the attacker. Attacks may impact additional products beyond JD Edwards EnterpriseOne Tools. Successful attacks can lead to unauthorized data modification, insertion, or deletion, as well as unauthorized data reading.

Recommendations

Update JD Edwards EnterpriseOne Tools to a version later than 9.2.26.0.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2026-00687
CVE-2026-21946

Affected Products

Jd Edwards
Jd Edwards Enterpriseone Tools