Oracle Retail Back Office unauthorized access vulnerability

Summary

Oracle Retail Applications is a set of Retail application store solutions from Oracle. Oracle Retail Back Office is one of the Retail backend components that provides retailers with real-time access to storage management and reporting capabilities.

There is an unauthorized access vulnerability in Oracle Retail Back Office, which can be exploited by an attacker to read, update, insert or delete data without authorization, affecting the confidentiality and integrity of data.


Solution

At present, the vendor has released the patches to repair loopholes, patch for a link: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html