Vulnerability Description
Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Security (SQL Logger)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Merchandising System accessible data as well as unauthorized read access to a subset of Oracle Retail Merchandising System accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Retail Merchandising System | 14.1 |
References
- http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/106571Third Party AdvisoryVDB Entry
- http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/106571Third Party AdvisoryVDB Entry
FAQ
What is CVE-2018-3125?
CVE-2018-3125 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Security (SQL Logger)). The supported version that is affected is 14.1. Easily exploitabl...
How severe is CVE-2018-3125?
CVE-2018-3125 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-3125?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Retail Merchandising System.