CVE-2019-2424

Name of the Vulnerable Software and Affected Versions Oracle Retail Convenience Store Back Office version 3.6

Description The issue is related to inadequate access control in the Level 3 Maintenance Functions component. It allows an unauthenticated attacker with network access via HTTP to compromise the Oracle Retail Convenience Store Back Office, resulting in unauthorized access to data, including update, insert, or delete access to some data and read access to a subset of data. Additionally, it can cause a partial denial of service.

Recommendations For version 3.6, update to a version that includes the fix for this issue, as the current version is affected by inadequate access control, allowing unauthorized access and potential data manipulation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.