CVE-2018-3314

Name of the Vulnerable Software and Affected Versions Oracle Retail Applications MICROS Relate CRM Software version 11.4

Description The issue is related to inadequate access control in the Customer component of the MICROS Relate CRM Software. It allows a low-privileged attacker with network access via HTTP to compromise the software. Successful attacks can result in unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to all accessible data. The vulnerability can be exploited by sending specially crafted HTTP requests.

Recommendations For version 11.4, consider restricting access to the Customer component until a fix is available. As a temporary workaround, limit the use of HTTP requests to minimize the risk of exploitation. Additionally, review and enforce strict access controls to prevent unauthorized data modification or access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.