Security Vulnerability in Oracle Retail Applications Affecting Multiple Versions
CVE-2017-10423

5.4 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 19 October 2017

Summary

A vulnerability exists in the Oracle Retail Back Office component of Oracle Retail Applications that a low-privileged attacker with network access can exploit via HTTP. Successful exploitation allows unauthorized data manipulation, including updates, inserts, or deletes, as well as unauthorized read access to some accessible data. While the flaw is specific to Oracle Retail Back Office, its impact can extend significantly to other integrated products, leaving data exposed if it is not mitigated appropriately.

Affected Version(s)

Retail Back Office 13.2

Retail Back Office 13.3

Retail Back Office 13.4

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
