Unauthorized Access Vulnerability in Oracle Retail Xstore Office
CVE-2024-21136
Summary
A critical vulnerability has been identified in Oracle Retail Xstore Office that allows an unauthenticated attacker with network access via HTTP to compromise the system. The flaw is present in several supported versions and could give an attacker unauthorized access to critical and sensitive data stored within the application. Successful exploitation could have far-reaching consequences, impacting not only Xstore Office but also other connected Oracle systems. Organizations using affected versions of Oracle Retail Xstore Office should prioritize patching to guard against data breaches and protect their retail operations.
Affected Version(s)
Retail Xstore Office 19.0.5
Retail Xstore Office 20.0.3
Retail Xstore Office 20.0.4