PT-2019-3809 · Oracle · Oracle Retail Customer Management/Segmentation Foundation
Published
2019-10-15
·
Updated
2020-08-24
·
CVE-2019-2884
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Retail Customer Management and Segmentation Foundation version 17.0
Description
The issue is related to a lack of protection for service data in the Segment component of the Oracle Retail Customer Management and Segmentation Foundation software. This can be exploited by a remote attacker to gain unauthorized access to protected information via the HTTP protocol. Successful attacks can result in unauthorized access to critical data.
Recommendations
For version 17.0, update to a version that includes a fix for this issue to prevent unauthorized access to critical data. As a temporary workaround, consider restricting access to the Segment component to minimize the risk of exploitation.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Retail Customer Management/Segmentation Foundation