Vulnerability in Oracle Retail Open Commerce Platform Allows Unauthorized Data Access
CVE-2017-10173

5.8MEDIUM

Key Information:

Vendor
Oracle
Status
Retail Open Commerce Platform Cloud Service
Vendor
CVE Published:
8 August 2017

Summary

The Oracle Retail Open Commerce Platform is vulnerable to an unauthenticated access issue that allows remote attackers to perform unauthorized updates, inserts, or deletions on accessible data. Attackers exploiting this vulnerability can access the platform through HTTP, potentially compromising the integrity of sensitive information. This flaw affects multiple versions, making it imperative for users to apply mitigations to safeguard their data.

Affected Version(s)

Retail Open Commerce Platform Cloud Service 5.0

Retail Open Commerce Platform Cloud Service 5.1

Retail Open Commerce Platform Cloud Service 5.2

References

http://www.securitytracker.com/id/1038944
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99745
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.