Vulnerability in Oracle Retail Customer Engagement Affects Data Integrity
CVE-2018-3312

5.5MEDIUM

Key Information:

Vendor: Oracle
Status: Retail Customer Management And Segmentation Foundation
Vendor: CVE Published:; 23 April 2019

Summary

A vulnerability exists in the Oracle Retail Customer Engagement component that allows an attacker with high privileges and network access via HTTP to compromise the system. Exploitation of this vulnerability can lead to unauthorized actions such as the creation, deletion or modification of critical data. It also allows unauthorized read access to certain data and can potentially cause a partial denial of service. Supported affected versions include 16.0 and 17.0.

Affected Version(s)

Retail Customer Management and Segmentation Foundation 16.0

Retail Customer Management and Segmentation Foundation 17.0

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 15, 2017