Unauthenticated Network Access Weakness in Oracle Retail Xstore Payment Component
CVE-2018-3311

8.6HIGH

Key Information:

Vendor: Oracle
Status: Micros Xstore Payment
Vendor: CVE Published:; 16 January 2019

What is CVE-2018-3311?

A vulnerability exists in the Oracle Retail Xstore Payment component of Oracle Retail Applications, specifically within version 3.3. This weakness allows an unauthenticated attacker to gain network access via HTTP, potentially compromising sensitive data. Successful exploitation can lead to unauthorized access to critical information, enabling attackers to update, insert, or delete data, as well as cause a partial denial of service. Organizations using the affected software should prioritize mitigating this vulnerability to protect their payment processing systems and sensitive consumer data.

Affected Version(s)

MICROS Xstore Payment 3.3

References

http://www.securityfocus.com/bid/106566

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 15, 2017