Unauthenticated Access Vulnerability in Oracle Retail Xstore Office
CVE-2019-2561

8.2HIGH

Key Information:

Vendor: Oracle
Status: Retail Xstore Office
Vendor: CVE Published:; 23 July 2019

Summary

A vulnerability exists in the Oracle Retail Xstore Office component of Oracle Retail Applications, specifically within the Internal Operations subcomponent. This flaw allows unauthenticated attackers with network access via HTTP to compromise the system. An attacker can exploit this weakness to gain unauthorized access to sensitive data and potentially modify, insert, or delete accessible information. The impact includes significant risks to the confidentiality and integrity of the data managed by Oracle Retail Xstore Office.

Affected Version(s)

Retail Xstore Office 7.0

Retail Xstore Office 7.1

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018