Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Vulnerability in the Oracle Retail Customer Engagement component of Oracle Retail Applications (subcomponent: Segment). Supported versions that are affected are 16.0 and 17.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Engagement. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Customer Engagement accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Engagement accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Customer Engagement. CVSS 3.0 Base Score 5.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oracle Retail Applications Retail Customer Engagement 访问控制错误漏洞
Vulnerability Description
Oracle Retail Applications是美国甲骨文(Oracle)公司的一套零售应用商店解决方案。该产品包括库存管理、销售管理和客户管理等。Retail Customer Engagement是其中的一个零售商客户参与组件,主要用于与客户互动以增加客户参与度。 Oracle Retail Applications中的Oracle Retail Customer Engagement组件16.0版本和17.0版本的Segment子组件存在安全漏洞。攻击者可利用该漏洞未授权读取、创建、删除或修改
CVSS Information
N/A
Vulnerability Type
N/A