Vulnerability in MICROS Retail-J Component of Oracle Retail Applications
CVE-2018-2888

6.7MEDIUM

Key Information:

Vendor: Oracle
Status: Micros Retail-j
Vendor: CVE Published:; 18 July 2018

Summary

A vulnerability exists in the MICROS Retail-J component of Oracle Retail Applications, allowing potential unauthorized access and manipulation of critical data. Exploiting this vulnerability requires physical access and human interaction, making it challenging to exploit. Attackers may gain unauthorized abilities, leading to the creation, deletion, or modification of key data within the system, which not only impacts MICROS Retail-J but could also affect other integrated products. Furthermore, this vulnerability can result in a partial denial of service, affecting the availability of essential services.

Affected Version(s)

MICROS Retail-J 10.2.x

MICROS Retail-J 11.0.x

MICROS Retail-J 12.0.x

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104822

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 18, 2018
Vulnerability Reserved
Dec 15, 2017