Vulnerability in Oracle Retail Applications MICROS Relate CRM Software
CVE-2018-3052

6.4MEDIUM

Key Information:

Vendor: Oracle
Status: Micros Relate Crm Software
Vendor: CVE Published:; 18 July 2018

Summary

A vulnerability exists in the MICROS Relate CRM Software component of Oracle Retail Applications, specifically affecting versions 10.8.x and 11.4.x. This flaw allows a low privileged attacker with network access via HTTP to exploit the system. The vulnerability can result in unauthorized updates, inserts, or deletions of data within the MICROS Relate CRM Software, as well as enabling an unauthorized partial denial of service. Due to the nature of the impacted software, successful exploitation poses risks not only to MICROS Relate CRM Software but also potentially affects other interconnected systems.

Affected Version(s)

MICROS Relate CRM Software 10.8.x

MICROS Relate CRM Software 11.4.x

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104825

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 18, 2018
Vulnerability Reserved
Dec 15, 2017