CVE-2018-2891

Name of the Vulnerable Software and Affected Versions Oracle Retail Bulk Data Integration version 16.0

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Retail Bulk Data Integration. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. This can result in unauthorized update, insert, or delete access to some of Oracle Retail Bulk Data Integration's accessible data, as well as unauthorized read access to a subset of Oracle Retail Bulk Data Integration's accessible data.

Recommendations For version 16.0, update to a version that includes a fix for this issue, as the current version is easily exploitable and can lead to significant data access breaches. As a temporary workaround, consider restricting access to the BDI Job Scheduler component to minimize the risk of exploitation.