SB20190716133 - Multiple vulnerabilities in Oracle Retail Customer Management and Segmentation Foundation

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20190716133

SB20190716133 - Multiple vulnerabilities in Oracle Retail Customer Management and Segmentation Foundation

Published: July 16, 2019

Security Bulletin ID SB20190716133
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 67% Medium 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2018-3316)

The vulnerability allows a remote authenticated user to read, manipulate or delete data.

The vulnerability exists due to improper input validation within the Segment component in Oracle Retail Customer Management and Segmentation Foundation. A remote authenticated user can exploit this vulnerability to read, manipulate or delete data.


2) Input validation error (CVE-ID: CVE-2018-19362)

The disclosed vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code.

The vulnerability exists due to fail to block the jboss-common-coreclass from polymorphic deserialization. A remote attacker can send a specially crafted request that submits malicious input to perform unauthorized actions on the system, which could allow the attacker to execute arbitrary code or cause a denial of service (DoS) condition.


3) Improper input validation (CVE-ID: CVE-2018-3315)

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Customer component in Oracle Retail Customer Management and Segmentation Foundation. A remote authenticated user can exploit this vulnerability to read and manipulate data.


Remediation

Install update from vendor's website.

References