Oracle Commerce Platform Dynamo Personalization Server Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

A vulnerability exists in the Oracle Commerce Platform, specifically within the Dynamo Personalization Server component. It affects versions 11.3.0, 11.3.1, and 11.3.2. This vulnerability allows a low-privileged attacker with network access via HTTP to compromise the Oracle Commerce Platform. Exploitation of this vulnerability requires human interaction from someone other than the attacker. While the issue is contained within the Oracle Commerce Platform, successful attacks could significantly impact other products, leading to a scope change. The vulnerability allows for unauthorized updates, inserts, or deletions of certain accessible data within the Oracle Commerce Platform, as well as unauthorized read access to a subset of that data.

Impact

Exploitation of this vulnerability could result in unauthorized access to read, modify, or delete certain data within the Oracle Commerce Platform.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 1.3
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.