Cross-Site Scripting Vulnerability in Oracle Retail Merchandising System
CVE-2018-2730

6.4MEDIUM

Key Information:

Vendor
Oracle
Status
Retail Merchandising System
Vendor
CVE Published:
18 January 2018

Summary

The Oracle Retail Merchandising System, part of Oracle Retail Applications, is exposed to a Cross-Site Scripting vulnerability that allows attackers with low privileges and network access via HTTP to exploit the system. This could lead to unauthorized updates, inserts, or deletions of accessible data, as well as unauthorized reading of sensitive information. The potential impact extends beyond the affected product, emphasizing the need for immediate security measures to protect against data leaks and integrity issues.

Affected Version(s)

Retail Merchandising System 16.0

References

http://www.securityfocus.com/bid/102680
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.