CVE Vulnerability

CVE-2018-2862

Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: User Interface). Supported versions that are affected are 13.3.8, 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Point-of-Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Point-of-Service accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).

5.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.1 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Patch Vendor Advisory
http://www.securityfocus.com/bid/103803 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:oracle:retail_point-of-service:13.3.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_point-of-service:13.4.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_point-of-service:14.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_point-of-service:14.1.3:*:*:*:*:*:*:*
Information

Published : 2018-04-19 02:29

Updated : 2019-10-03 12:03

NVD link : CVE-2018-2862

Mitre link : CVE-2018-2862

Products Affected
No products.
CWE
NVD-CWE-noinfo