PT-2018-2281 · Oracle · Oracle Retail Xstore Point Of Service

Publicado

2018-10-16

Atualizado

2019-10-03

CVE-2018-3126

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:H/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Retail Xstore Point of Service versions 15.0.2, 16.0.4, 17.0.2

Description The issue is related to inadequate access control in the Oracle Retail Xstore Point of Service component, specifically in the Xenvironment subcomponent. It allows a highly privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in the takeover of Oracle Retail Xstore Point of Service.

Recommendations For versions 15.0.2, 16.0.4, and 17.0.2, update to a version that includes the fix for this issue to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

BDU:2019-00394

CVE-2018-3126

Produtos afetados

Oracle Retail Xstore Point Of Service

PT-2018-2281 · Oracle · Oracle Retail Xstore Point Of Service

CVE-2018-3126

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5