CVE-2019-2880

Name of the Vulnerable Software and Affected Versions Oracle Retail Store Inventory Management version 16.0

Description The issue is related to insufficient access control in the Security component of the Oracle Retail Store Inventory Management product. It allows a low-privileged attacker with network access via HTTP to compromise the application, potentially resulting in a takeover. The vulnerability is easily exploitable and can impact confidentiality, integrity, and availability.

Recommendations For version 16.0, update the software to a version that includes the necessary security patches to resolve the issue. As a temporary workaround, consider restricting access to the application via HTTP to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.