Security Flaw in Oracle Retail Merchandising System Exposes Sensitive Data
CVE-2018-3125

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Retail Merchandising System
Vendor: CVE Published:; 16 January 2019

What is CVE-2018-3125?

A security vulnerability exists in the Oracle Retail Merchandising System, specifically in the SQL Logger component. This flaw allows unauthenticated attackers with network access via HTTP to manipulate sensitive data. Successful exploitation enables unauthorized users to perform operations such as updating, inserting, or deleting data, as well as gaining unauthorized read access to some sensitive data stored within the system. Proper mitigation is essential to protect against potential data breaches.

Affected Version(s)

Retail Merchandising System 14.1

References

http://www.securityfocus.com/bid/106571

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 15, 2017