CVE Vulnerabilities

CVE-2019-2896

Published: Oct 16, 2019 | Modified: Oct 21, 2019
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Vulnerability in the MICROS Relate CRM Software product of Oracle Retail Applications (component: Internal Operations). Supported versions that are affected are 7.1.0, 15.0.0, 16.0.0, 17.0.0, and 18.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Relate CRM Software. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Relate CRM Software accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected Software

Name Vendor Start Version End Version
Micros_relate_customer_relationship_management_software Oracle 7.1.0 (including) 7.1.0 (including)
Micros_relate_customer_relationship_management_software Oracle 15.0.0 (including) 15.0.0 (including)
Micros_relate_customer_relationship_management_software Oracle 16.0.0 (including) 16.0.0 (including)
Micros_relate_customer_relationship_management_software Oracle 17.0.0 (including) 17.0.0 (including)
Micros_relate_customer_relationship_management_software Oracle 18.0.0 (including) 18.0.0 (including)

References