PT-2020-1410 · Oracle · Oracle Retail Customer Management/Segmentation Foundation
Afanti
·
Published
2020-01-14
·
Updated
2022-07-28
·
CVE-2020-2650
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Retail Customer Management and Segmentation Foundation version 16.0
Description
The issue is related to inadequate access control in the Promotions component, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of the data.
Recommendations
For version 16.0, apply the necessary security patches to fix the access control issue in the Promotions component. As a temporary workaround, consider restricting access to the Promotions component to minimize the risk of exploitation.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Retail Customer Management/Segmentation Foundation