PT-2024-4995 · Oracle · Oracle Retail Xstore Office
Louis Wolfers
+1
·
Published
2024-07-16
·
Updated
2025-04-28
·
CVE-2024-21136
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Oracle Retail Xstore Office versions 19.0.5, 20.0.3, 20.0.4, 22.0.0, and 23.0.1
Description:
The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office, potentially resulting in unauthorized access to critical data or complete access to all Oracle Retail Xstore Office accessible data. While the vulnerability is in Oracle Retail Xstore Office, attacks may significantly impact additional products.
Recommendations:
For versions 19.0.5, 20.0.3, 20.0.4, 22.0.0, and 23.0.1, update to a version that includes the fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Retail Xstore Office