PT-2020-2623 · Oracle · Oracle Retail Customer Management/Segmentation Foundation

Published: 2020-04-14 · Updated: 2020-04-16 · CVE-2020-2953

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Retail Customer Management and Segmentation Foundation version 18.0

Description

The issue is related to inadequate access control in the Promotions component, allowing an unauthenticated attacker with network access via HTTP to compromise the Oracle Retail Customer Management and Segmentation Foundation. Successful attacks can result in the takeover of the application.

Recommendations

For version 18.0, update to a version that addresses the access control issue in the Promotions component to prevent potential takeover of the application. As a temporary workaround, consider restricting access to the Promotions component until a patch is available.

Fix

Weakness Enumeration

Related Identifiers

BDU:2020-02660
CVE-2020-2953

Affected Products

Oracle Retail Customer Management/Segmentation Foundation