CVE-2017-10172

Name of the Vulnerable Software and Affected Versions Oracle Retail Open Commerce Platform versions 5.0 through 6.1 Oracle Retail Open Commerce Platform versions 15.0 through 15.1

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise the Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. This can result in unauthorized update, insert, or delete access to some of the platform's accessible data, as well as unauthorized read access to a subset of the platform's accessible data.

Recommendations For Oracle Retail Open Commerce Platform versions 5.0 through 6.1, update to a version that is not affected by this issue. For Oracle Retail Open Commerce Platform versions 15.0 through 15.1, update to a version that is not affected by this issue.