Vulnerability in Oracle Retail Xstore Point of Service Affects Multiple Versions
CVE-2019-2872

2.7LOW

Key Information:

Vendor: Oracle
Status: Retail Xstore Point Of Service
Vendor: CVE Published:; 16 October 2019

Summary

A vulnerability exists in Oracle Retail Xstore Point of Service that can be exploited through physical access. This flaw requires that a user with physical presence interact with the system, potentially allowing unauthorized updates, deletions, or insertions of sensitive data. Attackers could gain unauthorized read access to specific datasets, compromising the integrity and confidentiality of the accessed information. Affected versions include 17.0.3, 18.0.1, and 19.0.0, highlighting the importance of safeguarding physical access to the point of sale systems.

Affected Version(s)

Retail Xstore Point of Service 17.0.3

Retail Xstore Point of Service 18.0.1

Retail Xstore Point of Service 19.0.0

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018