Unauthenticated Access Flaw in Oracle Retail Applications by Oracle
CVE-2018-2891

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Retail Bulk Data Integration
Vendor: CVE Published:; 18 July 2018

Summary

A vulnerability exists within the Oracle Retail Bulk Data Integration component, specifically impacting the BDI Job Scheduler. An unauthenticated attacker can exploit this flaw via HTTP, requiring human interaction from a victim. While the vulnerability primarily affects the Bulk Data Integration, successful attacks can lead to unauthorized access, allowing attackers to update, insert, or delete accessible data. Moreover, there is a risk of unauthorized read access to sensitive information. This vulnerability can significantly affect additional components within Oracle Retail Applications.

Affected Version(s)

Retail Bulk Data Integration 16.0

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104829

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 18, 2018
Vulnerability Reserved
Dec 15, 2017