PT-2018-2281 · Oracle · Oracle Retail Xstore Point Of Service

Published

2018-10-16

Updated

2019-10-03

CVE-2018-3126

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:H/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Retail Xstore Point of Service versions 15.0.2, 16.0.4, 17.0.2

Description The issue is related to inadequate access control in the Oracle Retail Xstore Point of Service component, specifically in the Xenvironment subcomponent. It allows a highly privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in the takeover of Oracle Retail Xstore Point of Service.

Recommendations For versions 15.0.2, 16.0.4, and 17.0.2, update to a version that includes the fix for this issue to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2019-00394

CVE-2018-3126

Affected Products

Oracle Retail Xstore Point Of Service

PT-2018-2281 · Oracle · Oracle Retail Xstore Point Of Service

CVE-2018-3126

Weakness Enumeration

Related Identifiers

Affected Products

References · 5