Database Vulnerability in Oracle Retail Applications Affecting MICROS Retail-J
CVE-2018-2881

6.3MEDIUM

Key Information:

Vendor: Oracle
Status: Micros Retail-j
Vendor: CVE Published:; 18 July 2018

Summary

A vulnerability exists in the MICROS Retail-J component of Oracle Retail Applications, allowing low privileged attackers with network access via HTTP to manipulate MICROS Retail-J data. Successful exploitation could lead to unauthorized updates, inserts, or deletions, as well as unauthorized read access to specific data sets, and may also enable attackers to partially disrupt the service. This presents significant risks to the confidentiality, integrity, and availability of the system.

Affected Version(s)

MICROS Retail-J 11.0.x

MICROS Retail-J 12.0.x

MICROS Retail-J 12.1.x

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104822

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2018
Vulnerability Reserved
Dec 15, 2017