Looke

**Name of the Vulnerable Software and Affected Versions** Oracle Retail Customer Management and Segmentation Foundation version 16.0 **Description** The issue is related to insufficient access control in the Internal Operations component of the Oracle Retail Customer Management and Segmentation Foundation software. This can allow an attacker to gain unauthorized access to protected information. The vulnerability is easily exploitable and can be compromised by a low-privileged attacker with logon access to the infrastructure where the software is executed. Successful attacks can result in unauthorized read access to a subset of the software's accessible data. **Recommendations** For version 16.0, update the software to a version that includes the necessary security patches to address the insufficient access control issue. As a temporary workaround, consider restricting access to the Internal Operations component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 10.3.6.0.0 and 12.1.3.0.0 **Description** The issue is related to insufficient access control in the WLS Core Components of Oracle WebLogic Server, allowing a remote attacker to gain unauthorized access to protected information via the HTTP protocol. Successful attacks require human interaction and can result in unauthorized update, insert, or delete access to some of Oracle WebLogic Server's accessible data, as well as unauthorized read access to a subset of the server's accessible data. **Recommendations** For version 10.3.6.0.0, update to a newer version to mitigate the risk. For version 12.1.3.0.0, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the WLS Core Components until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server version 10.3.6.0.0 **Description** The issue is related to insufficient access control in the WLS Core Components of Oracle WebLogic Server, allowing a high-privileged attacker with network access via HTTP to compromise the server. Successful attacks can result in the takeover of Oracle WebLogic Server. **Recommendations** For version 10.3.6.0.0, consider restricting access to the WLS Core Components until a patch is available. As a temporary workaround, limit network access via HTTP to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server version 10.3.6.0.0 **Description** The issue is related to insufficient access control in the WLS Core Components of Oracle WebLogic Server, allowing a high-privileged attacker with network access via HTTP to compromise the server. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. This can result in unauthorized update, insert, or delete access to some of Oracle WebLogic Server's accessible data, as well as unauthorized read access to a subset of the server's accessible data. **Recommendations** For Oracle WebLogic Server version 10.3.6.0.0, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation, such as limiting HTTP access to the server. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0 **Description** The issue is related to insufficient access control in the Console component of Oracle WebLogic Server, allowing a remote attacker to gain unauthorized access to protected information via the HTTP protocol. Successful attacks require human interaction and can result in unauthorized update, insert, or delete access to some of Oracle WebLogic Server's accessible data, as well as unauthorized read access to a subset of Oracle WebLogic Server's accessible data. **Recommendations** For versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0, consider restricting access to the Console component until a patch is available. As a temporary workaround, limit network access via HTTP to minimize the risk of exploitation. Avoid using the Oracle WebLogic Server Console component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.