User Interface Vulnerability in Oracle Retail Point-of-Service Software
CVE-2018-2862

7.1HIGH

Key Information:

Vendor: Oracle
Status: Retail Point-of-service
Vendor: CVE Published:; 19 April 2018

Summary

A vulnerability exists in the User Interface component of the Oracle Retail Point-of-Service, which can be exploited by low privileged attackers with network access via HTTP. This can lead to unauthorized access to sensitive data or complete control over the data stored within Oracle Retail Point-of-Service. Successful exploitation can allow attackers to execute unauthorized updates, insertions, or deletions of data, compromising the confidentiality and integrity of critical business information.

Affected Version(s)

Retail Point-of-Service 13.3.8

Retail Point-of-Service 13.4.9

Retail Point-of-Service 14.0.4

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103803

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2018
Vulnerability Reserved
Dec 15, 2017