Unauthenticated Remote Code Execution Vulnerability in Oracle Retail Customer Management
CVE-2020-2953
9.8 CRITICAL
Key Information:
- Vendor: Oracle
- CVE Published: 15 April 2020
Summary
A vulnerability in Oracle Retail Customer Management and Segmentation Foundation allows an unauthenticated attacker with network access to compromise the product. By sending specially crafted HTTP requests, an attacker can potentially take over the affected product, compromising critical data and operational integrity. The flaw underscores the need for robust security measures and timely updates to safeguard sensitive information and maintain continuity in retail operations.
Affected Version(s)
Retail Customer Management and Segmentation Foundation 18.0
CVSS V3.1
- Score: 9.8
- Severity: CRITICAL
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved