Lucene search

OracleCVE-2018-3126

HistoryOct 17, 2018 - 1:31 a.m.

CVE-2018-3126

2018-10-1701:31:15

oracle

web.nvd.nist.gov

cve-2018-3126

oracle

retail

xstore

point of service

vulnerability

nvd

security

http

compromise

cvss

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

47.8%

JSON

Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xenvironment). Supported versions that are affected are 15.0.2, 16.0.4 and 17.0.2. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

Affected configurations

Nvd

Vulners

Node

oracleretail_xstore_point_of_serviceMatch15.0.2

oracleretail_xstore_point_of_serviceMatch16.0.4

oracleretail_xstore_point_of_serviceMatch17.0.2

VendorProductVersionCPE
oracleretail_xstore_point_of_service15.0.2cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.2:*:*:*:*:*:*:*
oracleretail_xstore_point_of_service16.0.4cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.4:*:*:*:*:*:*:*
oracleretail_xstore_point_of_service17.0.2cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	retail_xstore_point_of_service	15.0.2	cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.2:::::::*
oracle	retail_xstore_point_of_service	16.0.4	cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.4:::::::*
oracle	retail_xstore_point_of_service	17.0.2	cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.2:::::::*

CNA Affected

[
  {
    "product": "Retail Xstore Point of Service",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "15.0.2"
      },
      {
        "status": "affected",
        "version": "16.0.4"
      },
      {
        "status": "affected",
        "version": "17.0.2"
      }
    ]
  }
]

References

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.securityfocus.com/bid/105596

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

47.8%

JSON

Related for CVE-2018-3126