N/A

Vulnerability in the Oracle Commerce Merchandising component of Oracle Commerce (subcomponent: Asset Manager). The supported version that is affected is 11.2.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Merchandising. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Merchandising accessible data as well as unauthorized read access to a subset of Oracle Commerce Merchandising accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).

N/A

N/A

Oracle Commerce Merchandising组件访问控制错误漏洞

Oracle Commerce是美国甲骨文（Oracle）公司的一套电子商务解决方案。Commerce Merchandising是其中的一个电子商务平台推销组件。 Oracle Commerce中的Commerce Merchandising组件11.2.0.3版本的Asset Manager子组件存在安全漏洞。攻击者可利用该漏洞未授权读取、更新、插入或删除数据，影响数据的保密性和完整性。

N/A

N/A