PT-2018-2312 · Oracle · Micros Retail-J

Publicado

2018-10-16

Atualizado

2019-10-03

CVE-2018-2887

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Oracle Retail Applications MICROS Retail-J versions 12.1.2 and 13.0.0

Description The issue is related to inadequate access control in the Back Office component of MICROS Retail-J, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to modify, insert, or delete some data, as well as unauthorized read access to a subset of the data.

Recommendations For version 12.1.2, update to a version that includes the fix for this issue. For version 13.0.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Back Office component to minimize the risk of exploitation.

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

BDU:2019-00468

CVE-2018-2887

Produtos afetados

Micros Retail-J

PT-2018-2312 · Oracle · Micros Retail-J

CVE-2018-2887

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5