CVE-2018-3312

Name of the Vulnerable Software and Affected Versions Oracle Retail Customer Engagement versions 16.0 through 17.0

Description The issue is related to inadequate access control in the Segment component of Oracle Retail Customer Engagement, allowing a remote attacker with high privileges and network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to critical data, including creation, deletion, or modification of data, as well as unauthorized read access to a subset of data. Additionally, it can cause a partial denial of service.

Recommendations For versions 16.0 and 17.0, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Segment component to minimize the risk of unauthorized data access or denial of service. Restrict HTTP access to the Oracle Retail Customer Engagement component to reduce the risk of remote exploitation.