cnvd - cnvd-2019-39864

cnvd-2019-39864

Vulnerability from cnvd

Title

Oracle Retail Applications Retail Customer Management and Segmentation Foundation组件访问控制错误漏洞

Description

Oracle Retail Applications是美国甲骨文（Oracle）公司的一套零售应用商店解决方案。Retail Customer Management and Segmentation Foundation是其中的一个零售客户管理组件。 Oracle Retail Applications Retail Customer Management and Segmentation Foundation组件存在访问控制错误漏洞。攻击者可利用该漏洞未授权更新、插入或删除数据，造成拒绝服务，影响数据的完整性和可用性。

Severity

中

Patch Name

Oracle Retail Applications Retail Customer Management and Segmentation Foundation组件访问控制错误漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Reference

https://www.securityfocus.com/bid/104827

Impacted products

Name
['Oracle Retail Applications 16.', 'Oracle Retail Applications 17.']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-3053",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3053"
    }
  },
  "description": "Oracle Retail Applications\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u96f6\u552e\u5e94\u7528\u5546\u5e97\u89e3\u51b3\u65b9\u6848\u3002Retail Customer Management and Segmentation Foundation\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u96f6\u552e\u5ba2\u6237\u7ba1\u7406\u7ec4\u4ef6\u3002\n\nOracle Retail Applications Retail Customer Management and Segmentation Foundation\u7ec4\u4ef6\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u6388\u6743\u66f4\u65b0\u3001\u63d2\u5165\u6216\u5220\u9664\u6570\u636e\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff0c\u5f71\u54cd\u6570\u636e\u7684\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-39864",
  "openTime": "2019-11-09",
  "patchDescription": "Oracle Retail Applications\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u96f6\u552e\u5e94\u7528\u5546\u5e97\u89e3\u51b3\u65b9\u6848\u3002Retail Customer Management and Segmentation Foundation\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u96f6\u552e\u5ba2\u6237\u7ba1\u7406\u7ec4\u4ef6\u3002\r\n\r\nOracle Retail Applications Retail Customer Management and Segmentation Foundation\u7ec4\u4ef6\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u6388\u6743\u66f4\u65b0\u3001\u63d2\u5165\u6216\u5220\u9664\u6570\u636e\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff0c\u5f71\u54cd\u6570\u636e\u7684\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle Retail Applications Retail Customer Management and Segmentation Foundation\u7ec4\u4ef6\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle Retail Applications 16.*",
      "Oracle Retail Applications 17.*"
    ]
  },
  "referenceLink": "https://www.securityfocus.com/bid/104827",
  "serverity": "\u4e2d",
  "submitTime": "2018-08-03",
  "title": "Oracle Retail Applications Retail Customer Management and Segmentation Foundation\u7ec4\u4ef6\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2018-3053 (GCVE-0-2018-3053)

Vulnerability from cvelistv5

Published

2018-07-18 13:00

Modified

2024-10-02 19:55

Severity ?

CWE

Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. While the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Customer Management and Segmentation Foundation.

Summary

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 16.x and 17.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. While the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 6.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L).

References

URL

Tags

	http://www.securityfocus.com/bid/104827	vdb-entry, x_refsource_BID
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM