CVE-2019-2872

Name of the Vulnerable Software and Affected Versions Oracle Retail Xstore Point of Service versions 17.0.3, 18.0.1, 19.0.0

Description The issue is related to inadequate access control in the Point of Sale component of Oracle Retail Xstore Point of Service. Exploitation of this issue may allow an attacker to modify, add, or delete data, or gain unauthorized access to protected information. The vulnerability is difficult to exploit and requires physical access to compromise the system. Successful attacks also require human interaction from a person other than the attacker, potentially leading to unauthorized access to some data.

Recommendations For versions 17.0.3, 18.0.1, and 19.0.0, consider restricting physical access to the system to minimize the risk of exploitation. As a temporary workaround, limit human interaction with the system from unauthorized individuals until a fix is available. Restrict access to sensitive data and functions within the Point of Sale component to reduce the potential impact of unauthorized access.