Unauthenticated Access Vulnerability in Oracle Retail Point-of-Service
CVE-2019-2558

7.3HIGH

Key Information:

Vendor: Oracle
Status: Retail Point-of-service
Vendor: CVE Published:; 23 April 2019

Summary

This vulnerability within the Oracle Retail Point-of-Service component allows unauthenticated attackers with HTTP network access to compromise the system. Exploits can lead to unauthorized updates, inserts, or deletions of critical data, as well as unauthorized reading of sensitive information. Attackers could also trigger a partial denial of service, affecting the system’s availability. The flaw affects specific supported versions, highlighting the necessity for timely updates to safeguard against potential attacks.

Affected Version(s)

Retail Point-of-Service 13.4

Retail Point-of-Service 14.0

Retail Point-of-Service 14.1

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018