CVE-2026-46893

Oracle · JD Edwards

A critical vulnerability in the E1 Foundation of Oracle JD Edwards EnterpriseOne allows low-privileged attackers to compromise the General Ledger via SMB.

Executive summary

A critical vulnerability in Oracle JD Edwards EnterpriseOne General Ledger version 9.2 allows low-privileged attackers to achieve full system takeover via SMB.

Vulnerability

This easily exploitable vulnerability exists in the E1 Foundation component. It allows a low-privileged attacker with network access via SMB to compromise the General Ledger, with the potential for scope change to impact additional products.

Business impact

The CVSS score of 9.9 signifies a critical risk to business-critical financial data. A successful takeover of the General Ledger module could lead to unauthorized modification of financial records, data theft, and significant compliance/regulatory repercussions.

Remediation

Immediate Action: Patch the affected JD Edwards EnterpriseOne 9.2 instance using the June 2026 Critical Security Patch Update.

Proactive Monitoring: Review SMB traffic and log files for suspicious access patterns related to the E1 Foundation component.

Compensating Controls: Restrict SMB access to the JD Edwards environment to authorized, authenticated workstations only until the patch is applied.
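
One way to check that the SMB restriction is actually holding, as an added example that is not part of the original advisory or of any Oracle tooling: the script audits flow records for SMB connections to the JD Edwards hosts that were allowed from sources outside the authorized workstation ranges. The record layout (timestamp, source, destination, destination port, action), the addresses and the function name are assumptions made for illustration; adapt the parsing to your firewall or flow-log export.

```python
import csv
import ipaddress
from collections import Counter

SMB_PORTS = {139, 445}  # NetBIOS session service and direct-hosted SMB

# Constructed sample flow records (assumed layout); not real traffic.
SAMPLE_FLOWS = """\
2026-06-20T08:01:12Z,10.20.1.15,10.50.0.10,445,allow
2026-06-20T08:01:40Z,10.20.1.16,10.50.0.10,443,allow
2026-06-20T08:02:03Z,10.99.7.42,10.50.0.10,445,allow
2026-06-20T08:02:04Z,10.99.7.42,10.50.0.11,445,allow
2026-06-20T08:02:09Z,10.99.7.42,10.50.0.11,445,deny
2026-06-20T08:03:30Z,10.20.1.15,10.60.0.5,445,allow
not,a,valid,record
"""

def audit_smb_flows(text, jde_hosts, allowed_sources):
    """Return (violations, denied, skipped) for SMB flows aimed at the JDE hosts.

    violations: (src, dst) pairs ALLOWED from outside the authorized ranges
    denied:     (src, dst) pairs from outside those ranges that were blocked
    skipped:    number of records that could not be parsed
    """
    hosts = {ipaddress.ip_address(h) for h in jde_hosts}
    allowed = [ipaddress.ip_network(n) for n in allowed_sources]
    violations, denied, skipped = Counter(), Counter(), 0
    for row in csv.reader(text.splitlines()):
        try:
            _ts, src, dst, port, action = row
            src, dst, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:  # wrong field count, bad address or bad port
            skipped += 1
            continue
        if port not in SMB_PORTS or dst not in hosts:
            continue  # not SMB, or not a JD Edwards host
        if any(src in net for net in allowed):
            continue  # authorized workstation range
        bucket = denied if action.strip().lower() == "deny" else violations
        bucket[(str(src), str(dst))] += 1
    return violations, denied, skipped

if __name__ == "__main__":
    v, d, s = audit_smb_flows(SAMPLE_FLOWS, ["10.50.0.10", "10.50.0.11"], ["10.20.1.0/24"])
    for (src, dst), n in sorted(v.items()):
        print(f"ALLOWED SMB from unauthorized source {src} -> {dst} ({n} flow(s))")
    print(f"already denied: {sum(d.values())}, unparsed records: {s}")
```

Any entry in the violations result means the compensating control has a gap for that source; unparsed records are counted rather than silently dropped so a log-format change does not hide traffic.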

Exploitation status

Public Exploit Available: False

Analyst recommendation

The severity of this vulnerability necessitates immediate patching. Organizations should prioritize updating their JD Edwards EnterpriseOne environments to mitigate the risk of financial data compromise and system-wide takeover.