CVE-2021-2057

Name of the Vulnerable Software and Affected Versions: Oracle Retail Customer Management and Segmentation Foundation version 19.0

Description: The issue is related to insufficient access control in the Internal Operations component, allowing a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to data, including update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Additionally, it can cause a partial denial of service.

Recommendations: For version 19.0, consider restricting access to the Internal Operations component to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of HTTP protocol for remote access to the Oracle Retail Customer Management and Segmentation Foundation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.