CVE-2018-3125

Name of the Vulnerable Software and Affected Versions Oracle Retail Merchandising System version 14.1

Description The issue is related to inadequate access control in the Security (SQL Logger) component of the Oracle Retail Merchandising System. This can be exploited by a remote attacker to gain read, modify, add, or delete access to data using the HTTP protocol. Successful attacks can result in unauthorized access to some of the system's data.

Recommendations For version 14.1, update the system to a version that includes the fix for this issue, as the current version is easily exploitable and allows unauthenticated attackers to compromise the system via HTTP. At the moment, there is no information about a newer version that contains a fix for this vulnerability.