Unauthenticated Access Vulnerability in Oracle Retail Applications
CVE-2018-2887

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Micros Retail-j
Vendor: CVE Published:; 17 October 2018

Summary

The vulnerability in the MICROS Retail-J component of Oracle Retail Applications allows an unauthenticated attacker with HTTP network access to compromise the system. This exploitable flaw can lead to unauthorized data manipulation, including updates, inserts, or deletions, and enables unauthorized read access to sensitive data within MICROS Retail-J. Affected versions include 13.0.0 and 12.1.2, making it crucial for users to apply security updates promptly to mitigate potential risks.

Affected Version(s)

MICROS Retail-J 13.0.0

MICROS Retail-J 12.1.2

References

http://www.securityfocus.com/bid/105592

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2018
Vulnerability Reserved
Dec 15, 2017