Vulnerability in Oracle Retail Open Commerce Platform Affecting Multiple Versions
CVE-2017-10172

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Retail Open Commerce Platform Cloud Service
Vendor
CVE Published:
8 August 2017

Summary

A vulnerability exists in the Oracle Retail Open Commerce Platform that allows an unauthenticated attacker with network access via HTTP to potentially compromise the system. Successful exploitation of this vulnerability necessitates human interaction from a user other than the attacker. Although the vulnerability is localized to the Oracle Retail Open Commerce Platform, the consequences of a successful attack can extend to other products. If exploited, an attacker may gain unauthorized access for updating, inserting, or deleting accessible data within the platform, as well as unauthorized reading of certain subsets of available data.

Affected Version(s)

Retail Open Commerce Platform Cloud Service 5.0

Retail Open Commerce Platform Cloud Service 5.1

Retail Open Commerce Platform Cloud Service 5.2

References

http://www.securityfocus.com/bid/99737
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038944
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.