CVE-2019-2883

Name of the Vulnerable Software and Affected Versions Oracle Retail Customer Management and Segmentation Foundation version 17.0

Description The issue is related to inadequate access control in the Segment component of Oracle Retail Customer Management and Segmentation Foundation. It can be exploited by a remote attacker to gain unauthorized access to modify, add, or delete data, or to access protected information using the HTTP protocol. The attack requires human interaction from someone other than the attacker and can result in unauthorized access to some data.

Recommendations For version 17.0, update the software to a version that includes the necessary security patches to address the inadequate access control issue. As a temporary workaround, consider restricting access to the Segment component to minimize the risk of exploitation.