CVE-2018-3120

Name of the Vulnerable Software and Affected Versions Oracle Retail Applications MICROS Lucas versions 2.9.5.6 through 2.9.5.7

Description The issue is related to insufficient access control in the Security component of MICROS Lucas, allowing a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in the takeover of MICROS Lucas. The vulnerability can be exploited using HTTP requests, potentially impacting the confidentiality, integrity, and availability of protected information.

Recommendations For versions 2.9.5.6 and 2.9.5.7, consider restricting access to the MICROS Lucas component via HTTP to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.