CVE-2020-2649

Name of the Vulnerable Software and Affected Versions Oracle Retail Customer Management and Segmentation Foundation version 16.0

Description The issue is related to insufficient access control in the Internal Operations component of the Oracle Retail Customer Management and Segmentation Foundation software. This can allow an attacker to gain unauthorized access to protected information. The vulnerability is easily exploitable and can be compromised by a low-privileged attacker with logon access to the infrastructure where the software is executed. Successful attacks can result in unauthorized read access to a subset of the software's accessible data.

Recommendations For version 16.0, update the software to a version that includes the necessary security patches to address the insufficient access control issue. As a temporary workaround, consider restricting access to the Internal Operations component to minimize the risk of exploitation.