Local Vulnerability in Oracle Retail Xstore Payment Component
CVE-2016-5539

7.3HIGH

Key Information:

Vendor: Oracle
Status: Micros Xstore Payment
Vendor: CVE Published:; 25 October 2016

Summary

A local vulnerability has been identified in the Oracle Retail Xstore Payment component of Oracle Retail Applications version 1.x. This flaw allows an authenticated local user to manipulate system aspects that could compromise the confidentiality, integrity, and availability of the affected application. Details regarding how this vulnerability can be exploited remain unspecified, indicating potential risks that need to be addressed to safeguard sensitive data.

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/93663

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 25, 2016
Vulnerability Reserved
Jun 16, 2016